SUSE Image Update Advisory: SUSE ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2000:26-1 Image Tags : SUSE:SLE-15-SP4:2 Image Release : Severity : critical Type : security References : 1000080 1000117 1000194 1000742 1002351 1002895 1003091 1005246 1010874 1010966 1011936 1015549 1027610 1027705 1029902 1030038 1032118 1032119 1035604 1039043 1039469 1040164 1040256 1041090 1042670 1047218 1049186 1049304 1050653 1050665 1055478 1055542 1056951 1057496 1061967 1062237 1064980 1066873 1068790 1070737 1070738 1070853 1071941 1073310 1073845 1073879 1074247 1076519 1077096 1077230 1078329 1079761 1080301 1081005 1081750 1081751 1082155 1082163 1082318 1083294 1083826 1084117 1084157 1085276 1085529 1085661 1087104 1088573 1090427 1090953 1093381 1093518 1093529 1093917 1094497 1094788 1094814 1094883 1095267 1095804 1096738 1096937 1097430 1097531 1098535 1099308 1099569 1101152 1102868 1103388 1103696 1104034 1108508 1109882 1109998 1110435 1110869 1110871 1111493 1111622 1111657 1112357 1113160 1113160 1115769 1118492 1118611 1119376 1119416 1119792 1120242 1121717 1121852 1122191 1123064 1123185 1123186 1123558 1124885 1125610 1125744 1125815 1126283 1126318 1127173 1128146 1128323 1128355 1128529 1128564 1129071 1129243 1129300 1129566 1130041 1130077 1130840 1131555 1131556 1131677 1131840 1132174 1132323 1132346 1132455 1132663 1132900 1133090 1133424 1134876 1135009 1136102 1136444 1138130 1138666 1138715 1138746 1138822 1139915 1140255 1141168 1142038 1142899 1143033 1143454 1143893 1143913 1143913 1143913 1143913 1144506 1146683 1148177 1149686 1149792 1150190 1150895 1152722 1153090 1153090 1153277 1153830 1154940 1154968 1154968 1155372 1155815 1156211 1156397 1156521 1156677 1156694 1156908 1157104 1157354 1159235 1159538 1161557 1161770 1162224 1162367 1162743 1163871 1163978 1164310 1165439 1165578 1165730 1165823 1165921 1165960 1166139 1166758 1167008 1167501 1167732 1167746 1168310 1168480 1168932 1168973 1169489 1170175 1170231 1170557 1170824 1170863 1171281 1171368 1171561 1171687 1172179 1172226 1172462 1172709 1172908 1172928 1173149 1173226 1173268 1173356 1173584 1174009 1174091 1174405 1174514 1174965 1175478 1175478 1175729 1175889 1175946 1176116 1176129 1176134 1176232 1176256 1176257 1176258 1176259 1176262 1176389 1176460 1176785 1176823 1176943 1176943 1176977 1177120 1177127 1177559 1177884 1177928 1178168 1178341 1178670 1179555 1179562 1179566 1179630 1179637 1179805 1179962 1180125 1180583 1180585 1180781 1180816 1180942 1181119 1181126 1181223 1181324 1181400 1181400 1181935 1181944 1182066 1182103 1182211 1182244 1182264 1182379 1182851 1182963 1183059 1183374 1183684 1183858 1184505 1185588 1185706 1185748 1186011 1186242 1186242 1186508 1186581 1186650 1186738 1187028 1187045 1187725 1188061 1188846 1190462 1190610 1190613 1190781 1191194 1191857 1191925 1192487 1193357 1193585 1193600 1193600 1194394 1194632 1195455 1195624 1195624 1195895 1196050 1196300 1196338 1196338 1196432 1196704 1196729 1197027 1197042 1197288 1197417 1197507 1197637 1197642 1197689 1197963 1198168 1198234 1198356 1198358 1198489 1198556 1198744 1198903 1198903 1198944 1199147 1199149 1199157 1199372 1199523 1199528 1199562 1199629 1199646 1199656 1199659 1199662 1199663 1199679 1199714 1199726 1199727 1199779 1199817 1199874 1199950 1199984 1199998 1200142 1200276 1200347 1200480 1200532 1200566 1200573 1200591 1200591 1200596 1200606 1200629 1200707 1200725 1200968 1200970 1201003 1201003 1201082 1201142 1201189 1201210 1201220 1201224 1201260 1201411 1201431 1201498 1201535 1201539 1201589 1201626 1201715 1201753 1201782 1201788 1201842 1201913 1201918 1202142 1202165 1202167 1202271 1202272 1202367 1202455 1202464 1202602 1202614 1202631 1202728 1202729 1202805 1202899 1203026 1203049 1203056 1203169 1203287 1203288 1203294 1203385 1203406 1203422 1203449 1203478 1203478 1203484 1203564 1203585 1203611 1204050 1204543 1204716 1204741 1204948 428177 431945 637176 657698 658604 673071 715423 743787 747125 750618 751718 754447 754677 761500 784670 787526 798455 799119 809831 811890 825221 828513 831629 834601 835687 835815 839107 84331 855666 858239 867887 871152 885662 885882 889363 892480 898917 907584 912460 913229 915479 917607 917759 917815 922448 929736 930189 931978 935856 937912 939456 940608 942385 942751 944204 945455 946648 947357 947679 948198 954486 954690 961334 962291 963974 964204 964472 964474 965830 967128 968270 968601 975875 981848 987798 988086 991250 992988 992989 992992 993130 993825 993968 994910 996255 997614 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2013-4314 CVE-2013-7458 CVE-2014-0012 CVE-2014-1829 CVE-2014-1830 CVE-2014-2667 CVE-2014-4650 CVE-2014-7202 CVE-2014-7203 CVE-2014-9721 CVE-2015-2296 CVE-2015-8080 CVE-2016-10517 CVE-2016-10745 CVE-2016-8339 CVE-2016-9015 CVE-2017-15047 CVE-2017-18342 CVE-2018-11218 CVE-2018-11219 CVE-2018-18074 CVE-2018-20060 CVE-2018-7750 CVE-2019-10215 CVE-2019-10215 CVE-2019-10906 CVE-2019-11236 CVE-2019-11324 CVE-2019-13132 CVE-2019-15043 CVE-2019-20907 CVE-2019-20916 CVE-2019-5010 CVE-2019-6250 CVE-2019-8341 CVE-2019-9740 CVE-2019-9947 CVE-2020-11612 CVE-2020-12245 CVE-2020-13379 CVE-2020-14343 CVE-2020-15166 CVE-2020-15523 CVE-2020-15801 CVE-2020-1747 CVE-2020-25659 CVE-2020-26137 CVE-2020-27783 CVE-2020-28493 CVE-2020-29651 CVE-2020-36242 CVE-2020-8492 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 CVE-2021-20228 CVE-2021-21290 CVE-2021-23336 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-28957 CVE-2021-29622 CVE-2021-29622 CVE-2021-29921 CVE-2021-3177 CVE-2021-33503 CVE-2021-3426 CVE-2021-3447 CVE-2021-3583 CVE-2021-3620 CVE-2021-37136 CVE-2021-37137 CVE-2021-41411 CVE-2021-42740 CVE-2021-43138 CVE-2022-0860 CVE-2022-21698 CVE-2022-21698 CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941 CVE-2022-22967 CVE-2022-2469 CVE-2022-24765 CVE-2022-29187 CVE-2022-31097 CVE-2022-31107 CVE-2022-31129 CVE-2022-31255 CVE-2022-43753 CVE-2022-43754 ----------------------------------------------------------------- The container SUSE was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1712-1 Released: Mon Aug 20 17:01:17 2018 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1039043,1083294,1093381,1093529,1094497,1101152 This update fixes the following issues: rhncfg: - Format the file mode in unified way. (bsc#1093529) spacewalk-backend: - Fix directory permissions. (bsc#1101152) - Feature: implement optional signing repository metadata. - Fix truncated result message of server actions. (bsc#1039043) - Do not copy 'foreign_entitlement' from virtual host to the registered guest. (bsc#1093381) - Spacewalk-debug: add Postgres configuration files. - Initial branding change for Uyuni. (bsc#1094497) spacewalk-remote-utils: - Fix ordering of channel data. (bsc#1083294) - Add RHEL 6.10 channel definitions. zypp-plugin-spacewalk: - Turn on metadata signature checking if signature is available. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:993-1 Released: Tue Apr 23 14:44:56 2019 Summary: Recommended update for python-python-memcached Type: recommended Severity: moderate References: 1131840,1133090 This update for python-python-memcached fixes the following issues: python-python-memcached was updated to 1.59: * Various fixes for python 3.7 and 3.6 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1691-1 Released: Mon Jun 24 16:21:37 2019 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1095804,1103388,1103696,1104034,1118492,1120242,1125610,1125744,1128529,1128564,1129243,1129300,1130041,1130077,1131677,1132346,1133424,1134876,1136102,1138130,987798 This update fixes the following issues: koan: - Require virt-install only for RHEL6/7. Other distributions accepting Recommends must use it as virt-install is not available sometimes (for example SLED) - Change virt-install from Reccommends to Require because this fixes RHEL 6 & 7 - Fix regex error in the files section - Remove Recursion in python_sitelib and remove non relevant parts of the specfile - Replace python2_sitelib macro with python_sitelib to fix build on older distros. - Remove duplicate file section entrys - Adjust Group Tag to Development/Libraries/Python to satisfy linter prometheus-node_exporter: - Add the package to the SLE Basesytem module. (fate#327287) rhnlib: - Add group to python*-rhnlib to fix building at SLE11 - Read SSL decoded buffer completely when no pending bytes on the underlying connection. - Fix encoding issues after porting to Python 3. - Sync changes from Spacewalk - 1652859 - python3 http.client does not contain _set_hostport() - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacecmd: - Save SSM list on system delete and update cache (bsc#1130077, bsc#1125744) - Replace iteritems with items for python2/3 compat (bsc#1129243) - Fix python 3 bytes issue when handling config channels - Prevent spacecmd crashing when piping the output in Python 3 (bsc#1125610) - Fix compatibility with Python 3 - Add function to merge errata and packages through spacecmd (bsc#987798) - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-backend: - Use new names in code for client tool packages which were renamed (bsc#1134876) - Fix password prompt within mgr-sign-metadata - Fix TypeError for 'errata.getErrataInfo' XMLRPC handler (bsc#1132346) - Fix typo in syncing product extensions (bsc#1118492) - Fix mgr-sign-metadata-ctl checking of exported keys. - Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424) - Add support for mirrorlist and metalink on Zypper reposync. - Solve situations where synced packages have epoch 0 but reposync does not find them them on the database. - Fix path to the RPM database used by Zypper at reposync. - Add makefile for python linter and unit/integration tests - Fix linking of packages in reposync (bsc#1131677) - Include arch to distinct latest packages on reposync. - Migrate missing spacewalk-cfg-get script to Python3 - Improve dependency solving algorithm for spacewalk-repo-sync. - Remove apache access_compat module and adapt config files - Add support for getting latest versions from RPM packages when running 'spacewalk-repo-sync' after migration to Zypper. - Include packages dependencies on 'spacewalk-repo-sync' when using filters for RPM packages. - Allow package filtering (name matching) on spacewalk-repo-sync after migrating away from yum. - Fix crash when importing new channel families on 'mgr-inter-sync' (bsc#1129300) - Make Zypper to use the spacewalk GPG keyring in reposync (bsc#1128529) - Fix: handle non-standard filenames for comps.xml (bsc#1120242) - Make reposync use and append token correctly to the URL - Fix invalid mode error when doing spacewalk-repo-sync on Ubuntu official repos. - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Fix reading LOB objects with python3 - Fix 'mgr-inter-sync' problems after Python 3 migration. - Mgr-sign-metadata can optionally clear-sign metadata files - Allow errata import from local repositories. - Fix 'rhnpush' after migration to Python 3. - Fix package import issues when package encoding is ISO8859-1. - Fix issues with HTTP proxy and reposync. - Solve Python 3 problem and allow traditional registration. - Add 'python-urlgrabber' as a new dependency. - Fix Python3 issues on satellite_tools scripts - Use 'Zypper' and 'libsolv' in 'spacewalk-repo-sync'. Replace 'yum'. - Require the correct dependency for python-rpm to allow the Proxy to work with Python3 only - Make rhn-ssl-dbstore compatible with python3 - Take only text files from /srv/salt to make spacewalk-debug smaller (bsc#1103388) - Support mirroring of source packages - Make spacewalk-backend code compatible with Python 3 - Prepare spacewalk-backend packages to build on Python 3 - Replace PyPAM with python-python-pam - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - Disable Oracle support for openSUSE (bsc#1095804) spacewalk-client-tools: - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Sync with Spacewalk - Add ability to work behind http proxies - 1666099 - python3 is picky about bytes and string - Fix testConfig.py - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - The rhnsd service was replaced by rhnsd timer, so registration script and systemd presets are now adapted to this (bsc#1138130) spacewalk-koan: - Fix building on openSUSE 15.0 - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-oscap: - Fix python2 compilation on openSUSE - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-remote-utils: - Sync changes from Spacewalk - 1649374 - Update spacewalk-remote-utils with RHEL 7.6 channel definitions - 1633532 - Use python-gpg instead of python-gpgme where possible - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-usix: - Add compatibility with Python 3 - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) supportutils-plugin-susemanager-client: - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) suseRegisterInfo: - Make suseRegisterInfo compatible with Python 2 and 3 - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) zypp-plugin-spacewalk: - Fix python syntax error in distupgrade (bsc#1136102) mgr-daemon: - rhnsd service was replaced by rhnsd timer (bsc#1138130) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3361-1 Released: Thu Dec 19 18:54:43 2019 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1113160,1131556,1143913,1146683,1152722,1153090,1154968,1156211,1156397,1156521 This update fixes the following issues: golang-github-lusitaniae-apache_exporter: - Handle OS TERM signals - Add option to override host name golang-github-prometheus-prometheus: - Patch macros on spec file to support builds on SLE 12 - Remove prometheus.firewall.xml source file - Remove firewalld files. They are installed in the main firewalld package. - Update Uyuni/SUSE Manager service discovery patch + Fixes crashes when systems have no FQDN + Adds Parallel calls to Uyuni API, meaningful performance increase + Adds Support for system group labels - Do not install the firewalld config file on Tumbleweed (on versions newer than Leap 15.1). It's installed in the main firewalld package. - reorder some %install tasks - Add network-online (Wants and After) dependency to systemd unit bsc#1143913 - Only package required files (reduces rpm size by 4 MB) - Add sysconfig file - Add firewall config file - Use variables for defining user and group koan: - Fix auto installing VMs (bsc#1156211) rhnlib: - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) spacecmd: - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Prevent error when piping stdout in Python 2 (bsc#1153090) spacewalk-backend: - Fix specfile for systems that do not yet use systemd - Fix spacewalk-update-signatures for python3 (bsc#1156521) - Fix problems with Package Hub repos having multiple rpms with same NEVRA but different checksums (bsc#1146683) - Add systemd service macros for diskcheck.service - Port diskcheck utility to 4.0.3 branch (bsc#1156397) - Use active values for diskchecker mails - Do not require parameters to start on column 1 - Add Requires: systemd for completeness - Create /usr/lib/systemd/systemd during build - BuildRequires: systemd for spacewalk-diskcheck - Add option spacecheck_shutdown; tidy up wording of notifications - Add disk space checker script - Fix broken spacewalk-data-fsck utility (bsc#1131556) spacewalk-client-tools: - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) spacewalk-koan: - Gfx_type needs to default to 'vnc' (bsc#1156211) zypp-plugin-spacewalk: - Prevent possible encoding issues on Python 3 (bsc#1152722) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1972-1 Released: Tue Jul 21 02:39:24 2020 Summary: Security update for SUSE Manager Client Tools Type: security Severity: moderate References: 1113160,1138822,1142038,1148177,1153090,1153277,1154940,1154968,1155372,1163871,1165921,1168310,1170231,1170557,1170824,1171687,1172462,CVE-2019-10215,CVE-2019-15043,CVE-2020-12245,CVE-2020-13379 This update fixes the following issues: dracut-saltboot: - Print a list of available disk devices (bsc#1170824) - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'have choice' build issues in OBS. + Rebase and update patches for version 2.18.0 - Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and 'Xs ago' duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update Uyuni/SUSE Manager service discovery patch + Adapt service discovery to the new Uyuni API endpoints + Modified spec file: force golang 1.12 to fix build issues in SLE15SP2 - Update to Prometheus 2.11.2 grafana: - Update to version 7.0.3 * Features / Enhancements - Stats: include all fields. #24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff * Bug fixes - Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian - Configuration: Fix env var override of sections containing hyphen. #25178, @marefr - Dashboard: Get panels in collapsed rows. #25079, @peterholmberg - Do not show alerts tab when alerting is disabled. #25285, @dprokop - Jaeger: fixes cascader option label duration value. #25129, @Estrax - Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo - Update to version 7.0.2 * Bug fixes - Security: Urgent security patch release to fix CVE-2020-13379 - Update to version 7.0.1 * Features / Enhancements - Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney - Download CSV: Add date and time formatting. #24992, @ryantxu - Table: Make last cell value visible when right aligned. #24921, @peterholmberg - TablePanel: Adding sort order persistance. #24705, @torkelo - Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg - Transformations: Allow custom number input for binary operations. #24752, @ryantxu * Bug fixes - Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani - Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani - Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark - DataLinks: Bring back variables interpolation in title. #24970, @dprokop - Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney - Explore/Table: Keep existing field types if possible. #24944, @kaydelaney - Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova - Explore: fix undo in query editor. #24797, @zoltanbedi - Explore: fix word break in type head info. #25014, @zoltanbedi - Graph: Legend decimals now work as expected. #24931, @torkelo - LoginPage: Fix hover color for service buttons. #25009, @tskarhed - LogsPanel: Fix scrollbar. #24850, @ivanahuckova - MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo - Organize transformer: Use display name in field order comparer. #24984, @dprokop - Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark - PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop - PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo - PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark - PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark - PanelMenu: Make menu disappear on button press. #25015, @tskarhed - Postgres: Fix add button. #25087, @phemmer - Prometheus: Fix recording rules expansion. #24977, @ivanahuckova - Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian - Update to version 7.0.0 * Breaking changes - Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin. - Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds. - Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10. - Datasource/Loki: Support for deprecated Loki endpoints has been removed. - Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information. - @grafana/ui: Forms migration notice, see @grafana/ui changelog - @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog + Deprecation warnings - Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059 - The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins. * Features / Enhancements - Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr - Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal - Loki: Allow multiple derived fields with the same name. #24437, @aocenas - Orgs: Add future deprecation notice. #24502, @torkelo * Bug Fixes - @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi - Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark - Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop - Dashboard: Fix for strange 'dashboard not found' errors when opening links in dashboard settings. #24416, @torkelo - Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn - Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo - Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg - Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop - Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet - Data source: Fixes async mount errors. #24579, @Estrax - Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1 - Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova - Explore: Fix rendering of react query editors. #24593, @ivanahuckova - Explore: Fixes loading more logs in logs context view. #24135, @Estrax - Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo - Graphite: Makes query annotations work again. #24556, @hugohaggmark - Logs: Clicking 'Load more' from context overlay doesn't expand log row. #24299, @kaydelaney - Logs: Fix total bytes process calculation. #24691, @davkal - Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet - Plugins: Fix manifest validation. #24573, @aknuds1 - Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist - Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed - Search: Save folder expanded state. #24496, @Clarity-89 - Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss - Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo - Table: Fixed persisting column resize for time series fields. #24505, @torkelo - Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark - Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn - Transformations: Make transform dropdowns not cropped. #24615, @dprokop - Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark - Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark - Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark - Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark - Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas - SAML: Switch from email to login for user login attribute mapping (Enterprise) - Update Makefile and spec file * Remove phantomJS patch from Makefile * Fix multiline strings in Makefile * Exclude s390 from SLE12 builds, golang 1.14 is not built for s390 - Add instructions for patching the Grafana javascript frontend. - BuildRequires golang(API) instead of go metapackage version range * BuildRequires: golang(API) >= 1.14 from BuildRequires: ( go >= 1.14 with go < 1.15 ) - Update to version 6.7.3 - This version fixes bsc#1170557 and its corresponding CVE-2020-12245 - Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin - Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark - AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken - Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg - Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan - DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo - Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh - Security: Fix annotation popup XSS vulnerability. #23813, @torkelo - Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1 - TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo - Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark - Update to version 6.7.2: (see installed changelog for the full list of changes) - BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo - Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop - DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn - Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn - Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo - Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo - Plugins: Expose promiseToDigest. #23249, @torkelo - Reporting (Enterprise): Fixes issue updating a report created by someone else - Update to 6.7.1: (see installed changelog for the full list of changes) Bug Fixes - Azure: Fixed dropdowns not showing current value. #22914, @torkelo - BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark - Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo - Reporting: fixes migrations compatibility with mysql (Enterprise) - Reporting: Reduce default concurrency limit to 4 (Enterprise) - Update to 6.7.0: (see installed changelog for the full list of changes) Bug Fixes - AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo - BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark - Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo - Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo - Rich History: UX adjustments and fixes. #22729, @ivanahuckova - Update to 6.7.0-beta1: Breaking changes - Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked. - Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338 - Notice about changes in backendSrv for plugin authors In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv. Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI. To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv. Bug Fixes API: Fix redirect issues. #22285, @papagian Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1 Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek BackendSrv: Fixes POST body for form data. #21714, @hugohaggmark CloudWatch: Credentials cache invalidation fix. #22473, @sunker CloudWatch: Expand alias variables when query yields no result. #22695, @sunker Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo StatPanel: Fixes base color is being used for null values . #22646, @torkelo - Update to version 6.6.2: (see installed changelog for the full list of changes) - Update to version 6.6.1: (see installed changelog for the full list of changes) - Update to version 6.6.0: (see installed changelog for the full list of changes) - Update to version 6.5.3: (see installed changelog for the full list of changes) - Update to version 6.5.2: (see installed changelog for the full list of changes) - Update to version 6.5.1: (see installed changelog for the full list of changes) - Update to version 6.5.0 (see installed changelog for the full list of changes) - Update to version 6.4.5: * Create version 6.4.5 * CloudWatch: Fix high CPU load (#20579) - Add obs-service-go_modules to download required modules into vendor.tar.gz - Adjusted spec file to use vendor.tar.gz - Adjusted Makefile to work with new filenames - BuildRequire go1.14 - Update to version 6.4.4: * DataLinks: Fix blur issues. #19883, @aocenas * Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson * LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen * LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson * Singlestat: Fix no data / null value mapping . #19951, @ryantxu - Revert the spec file and make script - Remove PhantomJS dependency - Update to 6.4.3 * Bug Fixes - Alerting: All notification channels should send even if one fails to send. #19807, @jan25 - AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas - ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal - DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop - DataLinks: Fix url field not releasing focus. #19804, @aocenas - Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas - Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark - Singlestat: Fixed issue with mapping null to text. #19689, @torkelo - @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop - @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang - Update to 6.4.2 * Bug Fixes - CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron - Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark - Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo - Graph: Switching to series mode should re-render graph. #19623, @torkelo - Loki: Fix autocomplete on label values. #19579, @aocenas - Loki: Removes live option for logs panel. #19533, @davkal - Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha - Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark - ShareQuery: Fixed issue when using -- Dashboard -- datasource (to share query result) when dashboard had rows. #19610, @torkelo - Show SAML login button if SAML is enabled. #19591, @papagian - SingleStat: Fixes postfix/prefix usage. #19687, @hugohaggmark - Table: Proper handling of json data with dataframes. #19596, @marefr - Units: Fixed wrong id for Terabits/sec. #19611, @andreaslangnevyjel - Changes from 6.4.1 * Bug Fixes - Provisioning: Fixed issue where empty nested keys in YAML provisioning caused a server crash, #19547 - ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise) - Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise). - Changes from 6.4.0 * Features / Enhancements - Build: Upgrade go to 1.12.10. #19499, @marefr - DataLinks: Suggestions menu improvements. #19396, @dprokop - Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova - Explore: Update broken link to logql docs. #19510, @ivanahuckova - Logs: Adds Logs Panel as a visualization. #19504, @davkal * Bug Fixes - CLI: Fix version selection for plugin install. #19498, @aocenas - Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo - Changes from 6.4.0 Beta 2 * Features / Enhancements - Azure Monitor: Remove support for cross resource queries (#19115)'. #19346, @sunker - Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr - Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo - grafana/toolkit: Add plugin creation task. #19207, @dprokop * Bug Fixes - Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark - Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm - Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz - Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo - Database: Rewrite system statistics query to perform better. #19178, @papagian - Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu - MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr - Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh - MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr - MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr - MySQL: Limit datasource error details returned from the backend. #19373, @marefr - Changes from 6.4.0 Beta 1 * Features / Enhancements - API: Readonly datasources should not be created via the API. #19006, @papagian - Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar - Annotations: Add annotations support to Loki. #18949, @aocenas - Annotations: Use a single row to represent a region. #17673, @ryantxu - Auth: Allow inviting existing users when login form is disabled. #19048, @548017 - Azure Monitor: Add support for cross resource queries. #19115, @sunker - CLI: Allow installing custom binary plugins. #17551, @aocenas - Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark - Dashboard: Reuse query results between panels . #16660, @ryantxu - Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod - DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu - DataLinks: Enable access to labels & field names. #18918, @torkelo - DataLinks: Enable multiple data links per panel. #18434, @dprokop - Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech - Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery - Explore: Add throttling when doing live queries. #19085, @aocenas - Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney - Explore: Reduce default time range to last hour. #18212, @davkal - Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu - Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal - Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian - InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code - LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh - Ldap: Add ldap debug page. #18759, @peterholmberg - Loki: Remove prefetching of default label values. #18213, @davkal - Metrics: Add failed alert notifications metric. #18089, @koorgoo - OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon - OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin - Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh - Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati - Plugins: better warning when plugins fail to load. #18671, @ryantxu - Postgres: Add support for scram sha 256 authentication. #18397, @nonamef - RemoteCache: Support SSL with Redis. #18511, @kylebrandt - SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu - Stackdriver: Add extra alignment period options. #18909, @sunker - Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon - Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar * Bug Fixes - Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian - Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt - Alerting: fix response popover prompt when add notification channels. #18967, @lzdw - CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger - Explore: Fix auto completion on label values for Loki. #18988, @aocenas - Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark - Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark - MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold - MSSQL: Fix memory leak when debug enabled. #19049, @briangann - Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt - TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark * Breaking changes + Annotations There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details. + Docker Grafana is now using Alpine 3.10 as docker base image. + HTTP API - GET /api/alert-notifications now requires at least editor access. New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user. - GET /api/alert-notifiers now requires at least editor access - GET /api/org/users now requires org admin role. New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins, admin in any folder or admin of any team. - GET /api/annotations no longer returns regionId property. - POST /api/annotations no longer supports isRegion property. - PUT /api/annotations/:id no longer supports isRegion property. - PATCH /api/annotations/:id no longer supports isRegion property. - DELETE /api/annotations/region/:id has been removed. * Deprecation notes + PhantomJS - PhantomJS, which is used for rendering images of dashboards and panels, is deprecated and will be removed in a future Grafana release. A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use. Please consider migrating from PhantomJS to the Grafana Image Renderer plugin. - Changes from 6.3.6 * Features / Enhancements - Metrics: Adds setting for turning off total stats metrics. #19142, @marefr * Bug Fixes - Database: Rewrite system statistics query to perform better. #19178, @papagian - Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney - Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors. - Add missing directories provisioning/datasources and provisioning/notifiers and sample.yaml as described in packaging/rpm/control from upstream. Missing directories are shown in logfiles. - Version 6.3.5 * Upgrades + Build: Upgrade to go 1.12.9. * Bug Fixes + Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties. + Editor: Fixes issue where only entire lines were being copied. + Explore: Fixes query field layout in splitted view for Safari browsers. + LDAP: multildap + ldap integration. + Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds. + Prometheus: Prevents panel editor crash when switching to Prometheus datasource. + Prometheus: Changes brace-insertion behavior to be less annoying. - Version 6.3.4 * Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use. - Version 6.3.3 * Bug Fixes + Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1 + Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3 + DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1 + DataLinks: Respect timezone when displaying datapoint’s timestamp in graph context menu. #18461 2, @dprokop 1 + DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1 + Explore: Fix loading error for empty queries. #18488 1, @davkal + Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2 + Graphite: Avoid glob of single-value array variables . #18420, @gotjosh + Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3 + Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2 + TimeSeries: Assume values are all numbers. #18540 4, @ryantxu - Version 6.3.2 * Bug Fixes + Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12 - Version 6.3.1 * Bug Fixes + PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2 - Version 6.3.0 * Features / Enhancements + OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3 + Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh + Build grafana images consistently. #18224 12, @hassanfarid + Docs: SAML. #18069 11, @gotjosh + Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas + TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2 + Alerting: Add tags to alert rules. #10989 13, @Thib17 1 + Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng + Alerting: Improve alert rule testing. #16286 2, @marefr + Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25 + Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1 + Auth: Allow expiration of API keys. #17678, @papagian 3 + Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1 + Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1 + AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1 + CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu + Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu + Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax + Data links. #17267 11, @torkelo 2 + Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066 5, @bergquist 1 + Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr + Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3 + Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2 + Explore: Adds support for new loki ‘start’ and ‘end’ params for labels endpoint. #17512, @kaydelaney 2 + Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2 + Explore: Allow switching between metrics and logs . #16959 2, @marefr + Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3 + Explore: Display log lines context . #17097, @dprokop 1 + Explore: Don’t parse log levels if provided by field or label. #17180 1, @marefr + Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2 + Explore: Support for new LogQL filtering syntax. #16674 4, @davkal + Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3 + Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1 + Graph: Added new fill gradient option. #17528 3, @torkelo 2 + GraphPanel: Don’t sort series when legend table & sort column is not visible . #17095, @shavonn 1 + InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3 + Logging: Login and Logout actions (#17760). #17883 1, @ATTron + Logging: Move log package to pkg/infra. #17023, @zhulongcheng + Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1 + MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd + MySQL: Add support for periodically reloading client certs. #14892, @tpetr + Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu + Prometheus: Take timezone into account for step alignment. #17477, @fxmiii + Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246 + Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA + Provisioning: Support folder that doesn’t exist yet in dashboard provisioning. #17407 1, @Nexucis + Refresh picker: Handle empty intervals. #17585 1, @dehrax + Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr + Snapshot: use given key and deleteKey. #16876, @zhulongcheng + Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev + Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad + Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway + Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin * Bug Fixes + PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax + OAuth: Fix “missing saved state” OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3 + cli: fix for recognizing when in dev mode… #18334, @xlson + DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2 + Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2 + PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson + TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2 + Timerange: Fixes a bug where custom time ranges didn’t respect UTC. #18248 1, @kaydelaney 2 + remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke + AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax + CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr + Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr + Explore: Fix browsing back to dashboard panel. #17061, @jschill + Explore: Fix filter by series level in logs graph. #17798, @marefr + Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr + Explore: Fix selection/copy of log lines. #17121, @marefr + Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas + Frontend: Fix for Json tree component not working. #17608, @srid12 + Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2 + Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2 + Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3 + HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25 + InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki + Prometheus: Correctly escape ‘|’ literals in interpolated PromQL variables. #16932, @Limess + Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi + SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri - Make phantomjs dependency configurable - Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and koan: - Calculate relative path for kernel and inited when generating grub entry (bsc#1170231) - Fix os-release version detection for SUSE mgr-cfg: - Remove commented code in test files - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Add mgr manpage links mgr-custom-info: - Bump version to 4.1.0 (bsc#1154940) mgr-daemon: - Bump version to 4.1.0 (bsc#1154940) - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Separate osa-dispatcher and jabberd so it can be disabled independently - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Move /usr/share/rhn/config-defaults to uyuni-base-common - Require uyuni-base-common for /etc/rhn (for osa-dispatcher) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-push: - Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) mgr-virtualization: - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Fix mgr-virtualization timer rhnlib: - Fix building - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) - Bump version to 4.1.0 (bsc#1154940) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group spacewalk-client-tools: - Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921) - Spell correctly 'successful' and 'successfully' - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) - Replace spacewalk-usix with uyuni-common-libs - Return a non-zero exit status on errors in rhn_check - Bump version to 4.1.0 (bsc#1154940) - Make a explicit requirement to systemd for spacewalk-client-tools when rhnsd timer is installed spacewalk-koan: - Bump version to 4.1.0 (bsc#1154940) - Require commands we use in merge-rd.sh spacewalk-oscap: - Bump version to 4.1.0 (bsc#1154940) spacewalk-remote-utils: - Update spacewalk-create-channel with RHEL 7.7 channel definitions - Bump version to 4.1.0 (bsc#1154940) supportutils-plugin-susemanager-client: - Bump version to 4.1.0 (bsc#1154940) suseRegisterInfo: - SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310) - Bump version to 4.1.0 (bsc#1154940) zypp-plugin-spacewalk: - 1.0.7 - Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2374-1 Released: Fri Aug 28 12:59:39 2020 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1171281,1172709,1173149,1173584,1174405,1174965 This update fixes the following issues: POS_Image-Graphical7: - Add plymouth-plugin-label-ft package to all *7 templates and set them to be of SLE15SP2 version - Add optional dracut-wireless comment section and move wpa_suplicant there POS_Image-JeOS7: - Add plymouth-plugin-label-ft package to all *7 templates and set them to be of SLE15SP2 version - Add optional dracut-wireless comment section and move wpa_suplicant there dracut-saltboot: - Use automatic RAID assembly only in the first phase before start of salt dracut-wireless: - Make sure ifup is scheduled (bsc#1173149) golang-github-prometheus-prometheus: - Add support for Prometheus exporters proxy mgr-osad: - Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405) spacecmd: - Fix softwarechannel update for vendor channels (bsc#1172709) - Fix escaping of package names (bsc#1171281) spacewalk-koan: - Use the 4.1 image to fix tests suseRegisterInfo: - Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584) uyuni-common-libs: - Fix issues importing RPM packages with long RPM headers (bsc#1174965) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2539-1 Released: Fri Sep 4 16:43:26 2020 Summary: Recommended update for golang-github-QubitProducts-exporter_exporter Type: recommended Severity: important References: 1175946 This Maintenance update for SUSE Manager fixes the following issue: - Add requires for fillup, groupadd, useradd, systemd (bsc#1175946) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2606-1 Released: Fri Sep 11 09:01:11 2020 Summary: Security update for golang-github-prometheus-prometheus Type: security Severity: moderate References: 1143913,1175478,CVE-2019-10215 This update for golang-github-prometheus-prometheus to version 2.18.0 fixes the following issues: - Fixed some building issues (bsc#1175478) - prometheus components systemd units should depend on network target (bsc#1143913). Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and 'Xs ago' duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update to Prometheus 2.11.2 + Fixes crashes when systems have no FQDN + Adds Parallel calls to Uyuni API, meaningful performance increase + Adds Support for system group labels - Build with PIE - Only package required files (reduces rpm size by 4 MB) - Add sysconfig file - Add firewall config file - Use variables for defining user and group - Add support for Uyuni/SUSE Manager service discovery - readded _service file removed in error. - Update to 2.11.1 + Bug Fix: * Fix potential panic when prometheus is watching multiple zookeeper paths. - Update to 2.11.0 + Bug Fix: * resolve race condition in maxGauge. * Fix ZooKeeper connection leak. * Improved atomicity of .tmp block replacement during compaction for usual case. * Fix 'unknown series references' after clean shutdown. * Re-calculate block size when calling block.Delete. * Fix unsafe snapshots with head block. * prometheus_tsdb_compactions_failed_total is now incremented on any compaction failure. + Changes: * Remove max_retries from queue_config (it has been unused since rewriting remote-write to utilize the write-ahead-log) * The meta file BlockStats no longer holds size information. This is now dynamically calculated and kept in memory. It also includes the meta file size which was not included before * Renamed metric from prometheus_tsdb_wal_reader_corruption_errors to prometheus_tsdb_wal_reader_corruption_errors_total + Features: * Add option to use Alertmanager API v2. * Added humanizePercentage function for templates. * Include InitContainers in Kubernetes Service Discovery. * Provide option to compress WAL records using Snappy. + Enhancements: * Create new clean segment when starting the WAL. * Reduce allocations in PromQL aggregations. * Add storage warnings to LabelValues and LabelNames API results. * Add prometheus_http_requests_total metric. * Enable openbsd/arm build. * Remote-write allocation improvements. * Query performance improvement: Efficient iteration and search in HashForLabels and HashWithoutLabels. * Allow injection of arbitrary headers in promtool. * Allow passing external_labels in alert unit tests groups. * Allows globs for rules when unit testing. * Improved postings intersection matching. * Reduced disk usage for WAL for small setups. * Optimize queries using regexp for set lookups. - Update to 2.10.0: + Bug Fixes: * TSDB: Don't panic when running out of disk space and recover nicely from the condition * TSDB: Correctly handle empty labels. * TSDB: Don't crash on an unknown tombstone reference. * Storage/remote: Remove queue-manager specific metrics if queue no longer exists. * PromQL: Correctly display {__name__='a'}. * Discovery/kubernetes: Use service rather than ingress as the name for the service workqueue. * Discovery/azure: Don't panic on a VM with a public IP. * Web: Fixed Content-Type for js and css instead of using /etc/mime.types. * API: Encode alert values as string to correctly represent Inf/NaN. + Features: * Template expansion: Make external labels available as $externalLabels in alert and console template expansion. * TSDB: Add prometheus_tsdb_wal_segment_current metric for the WAL segment index that TSDB is currently writing to. tsdb * Scrape: Add scrape_series_added per-scrape metric. #5546 + Enhancements * Discovery/kubernetes: Add labels __meta_kubernetes_endpoint_node_name and __meta_kubernetes_endpoint_hostname. * Discovery/azure: Add label __meta_azure_machine_public_ip. * TSDB: Simplify mergedPostings.Seek, resulting in better performance if there are many posting lists. tsdb * Log filesystem type on startup. * Cmd/promtool: Use POST requests for Query and QueryRange. client_golang * Web: Sort alerts by group name. * Console templates: Add convenience variables $rawParams, $params, $path. - Upadte to 2.9.2 + Bug Fixes: * Make sure subquery range is taken into account for selection * Exhaust every request body before closing it * Cmd/promtool: return errors from rule evaluations * Remote Storage: string interner should not panic in release * Fix memory allocation regression in mergedPostings.Seek tsdb - Update to 2.9.1 + Bug Fixes: * Discovery/kubernetes: fix missing label sanitization * Remote_write: Prevent reshard concurrent with calling stop - Update to 2.9.0 + Feature: * Add honor_timestamps scrape option. + Enhancements: * Update Consul to support catalog.ServiceMultipleTags. * Discovery/kubernetes: add present labels for labels/annotations. * OpenStack SD: Add ProjectID and UserID meta labels. * Add GODEBUG and retention to the runtime page. * Add support for POSTing to /series endpoint. * Support PUT methods for Lifecycle and Admin APIs. * Scrape: Add global jitter for HA server. * Check for cancellation on every step of a range evaluation. * String interning for labels & values in the remote_write path. * Don't lose the scrape cache on a failed scrape. * Reload cert files from disk automatically. common * Use fixed length millisecond timestamp format for logs. common * Performance improvements for postings. Bug Fixes: * Remote Write: fix checkpoint reading. * Check if label value is valid when unmarshaling external labels from YAML. * Promparse: sort all labels when parsing. * Reload rules: copy state on both name and labels. * Exponentation operator to drop metric name in result of operation. * Config: resolve more file paths. * Promtool: resolve relative paths in alert test files. * Set TLSHandshakeTimeout in HTTP transport. common * Use fsync to be more resilient to machine crashes. * Keep series that are still in WAL in checkpoints. - Update to 2.8.1 + Bug Fixes * Display the job labels in /targets which was removed accidentally - Update to 2.8.0 + Change: * This release uses Write-Ahead Logging (WAL) for the remote_write API. This currently causes a slight increase in memory usage, which will be addressed in future releases. * Default time retention is used only when no size based retention is specified. These are flags where time retention is specified by the flag --storage.tsdb.retention and size retention by --storage.tsdb.retention.size. * prometheus_tsdb_storage_blocks_bytes_total is now prometheus_tsdb_storage_blocks_bytes. + Feature: * (EXPERIMENTAL) Time overlapping blocks are now allowed; vertical compaction and vertical query merge. It is an optional feature which is controlled by the --storage.tsdb.allow-overlapping-blocks flag, disabled by default. + Enhancements: * Use the WAL for remote_write API. * Query performance improvements. * UI enhancements with upgrade to Bootstrap 4. * Reduce time that Alertmanagers are in flux when reloaded. * Limit number of metrics displayed on UI to 10000. * (1) Remember All/Unhealthy choice on target-overview when reloading page. (2) Resize text-input area on Graph page on mouseclick. * In histogram_quantile merge buckets with equivalent le values. * Show list of offending labels in the error message in many-to-many scenarios. * Show Storage Retention criteria in effect on /status page. + Bug Fixes: + Fix sorting of rule groups. + Fix support for password_file and bearer_token_file in Kubernetes SD. + Scrape: catch errors when creating HTTP clients + Adds new metrics: prometheus_target_scrape_pools_total prometheus_target_scrape_pools_failed_total prometheus_target_scrape_pool_reloads_total prometheus_target_scrape_pool_reloads_failed_total + Fix panic when aggregator param is not a literal. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2839-1 Released: Fri Oct 2 12:16:15 2020 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1173268,1175889 This update fixes the following issues: POS_Image-Graphical7: - Set wicked to use plain mac address for computing DHCP DUID (bsc#1173268) POS_Image-JeOS7: - Set wicked to use plain mac address for computing DHCP DUID (bsc#1173268) dracut-saltboot: - Set wicked to use plain mac address for computing DHCP DUID - Copy wicked lease xml file to prevent query for second IP address (bsc#1173268) golang-github-QubitProducts-exporter_exporter: - Pin Golang version to 1.14 mgr-daemon: - Remove duplicate languages and update translation strings spacecmd: - Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889) spacewalk-client-tools: - Remove duplicated languages and update translation strings ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3291-1 Released: Wed Nov 11 12:26:29 2020 Summary: Optional update for python-redis and redis Type: optional Severity: moderate References: 1002351,1047218,1061967,1064980,1097430,1131555,798455,835815,991250,CVE-2013-7458,CVE-2015-8080,CVE-2016-10517,CVE-2016-8339,CVE-2017-15047,CVE-2018-11218,CVE-2018-11219 This optional update for python-redis and redis provides the following fixes python-redis: - Update to version to 3.4.1 (jsc#ECO-2417) * Move the username argument in the Redis and Connection classes to the end of the argument list. This helps those poor souls that specify all their connection options as non-keyword arguments. * Prior to ACL support, redis-py ignored the username component of Connection URLs. With ACL support, usernames are no longer ignored and are used to authenticate against an ACL rule. Some cloud vendors with managed Redis instances (like Heroku) provide connection URLs with a username component pre-ACL that is not intended to be used. Sending that username to Redis servers < 6.0.0 results in an error. Attempt to detect this condition and retry the AUTH command with only the password such that authentication continues to work for these users. * Removed the __eq__ hooks to Redis and ConnectionPool that were added in 3.4.0. This ended up being a bad idea as two separate connection pools be considered equal yet manage a completely separate set of connections. * Allow empty pipelines to be executed if there are WATCHed keys. This is a convenient way to test if any of the watched keys changed without actually running any other commands. * Removed support for end of life Python 3.4. * Added support for all ACL commands in Redis 6. * Pipeline instances now always evaluate to True. Prior to this change, pipeline instances relied on __len__ for boolean evaluation which meant that pipelines with no commands on the stack would be considered False. * Client instances and Connection pools now support a 'client_name' argument. If supplied, all connections created will call CLIENT SETNAME as soon as the connection is opened. * Added the 'ssl_check_hostname' argument to specify whether SSL connections should require the server hostname to match the hostname specified in the SSL cert. By default 'ssl_check_hostname' is False for backwards compatibility. * Added support for the TYPE argument to SCAN. * Better thread and fork safety in ConnectionPool and BlockingConnectionPool. Added better locking to synchronize critical sections rather than relying on CPython-specific implementation details relating to atomic operations. Adjusted how the pools identify and deal with a fork. Added a ChildDeadlockedError exception that is raised by child processes in the very unlikely chance that a deadlock is encountered. * Further fix for the SSLError -> TimeoutError mapping to work on obscure releases of Python 2.7. * Fixed a potential error handling bug for the SSLError -> TimeoutError mapping introduced in 3.3.9. * Mapped Python 2.7 SSLError to TimeoutError where appropriate. Timeouts should now consistently raise TimeoutErrors on Python 2.7 for both unsecured and secured connections. * Fixed MONITOR parsing to properly parse IPv6 client addresses * Fixed a regression introduced in 3.3.0 * Resolve a race condition with the PubSubWorkerThread. * Response callbacks are now case insensitive. * Added support for hiredis-py 1.0.0 encoding error support. * Add READONLY and READWRITE commands. * Added extensive health checks that keep the connections lively. * Many more changes, see upstream changelog. * Add missing build dependency setuptools * Fix SentinelConnectionPool to work in multiprocess/forked environments - Update to 3.2.0 (bsc#1131555) * Added support for `select.poll` to test whether data can be read on a socket. This should allow for significantly more connections to be used with pubsub. * Attempt to guarentee that the ConnectionPool hands out healthy connections. Healthy connections are those that have an established socket connection to the Redis server, are ready to accept a command and have no data available to read. * Use the socket.IPPROTO_TCP constant instead of socket.SOL_TCP. IPPROTO_TCP is available on more interpreters (Jython for instance). * Fixed a regression introduced in 3.0 that mishandles exceptions not derived from the base Exception class. KeyboardInterrupt and gevent.timeout notable. * Significant improvements to handing connections with forked processes. Parent and child processes no longer trample on each others' connections. * PythonParser no longer closes the associated connection's socket. The connection itself will close the socket. * Connection URLs must have one of the following schemes: redis://, rediss://, unix://. * Fixed an issue with retry_on_timeout logic that caused some TimeoutErrors to be retried. * Added support for SNI for SSL. * Fixed ConnectionPool repr for pools with no connections. * Fixed GEOHASH to return a None value when specifying a place that doesn't exist on the server. * Fixed XREADGROUP to return an empty dictionary for messages that have been deleted but still exist in the unacknowledged queue. * Added an owned method to Lock objects. owned returns a boolean indicating whether the current lock instance still owns the lock. * Allow lock.acquire() to accept an optional token argument. If provided, the token argument is used as the unique value used to claim the lock. * Added a reacquire method to Lock objects. reaquire attempts to renew the lock such that the timeout is extended to the same value that the lock was initially acquired with. * Stream names found within XREAD and XREADGROUP responses now properly respect the decode_responses flag. * XPENDING_RANGE now requires the user the specify the min, max and count arguments. Newer versions of Redis prevent count from being infinite so it's left to the user to specify these values explicitly. * ZADD now returns None when xx=True and incr=True and an element is specified that doesn't exist in the sorted set. This matches what the server returns in this case. * Added client_kill_filter that accepts various filters to identify and kill clients. * Fixed a race condition that occurred when unsubscribing and resubscribing to the same channel or pattern in rapid succession. * Added a LockNotOwnedError that is raised when trying to extend or release a lock that is no longer owned. This is a subclass of LockError so previous code should continue to work as expected. * Fixed a bug in GEORADIUS that forced decoding of places without respecting the decode_responses option. * add recommendation for python-hiredis * Fixed regression with UnixDomainSocketConnection caused by 3.0.0. * Fixed an issue with the new asynchronous flag on flushdb and flushall. * Updated Lock.locked() method to indicate whether *any* process has acquired the lock, not just the current one. This is in line with the behavior of threading.Lock. - Update to version 3.0.0: BACKWARDS INCOMPATIBLE CHANGES * When using a Lock as a context manager and the lock fails to be acquired a LockError is now raised. This prevents the code block inside the context manager from being executed if the lock could not be acquired. * Renamed LuaLock to Lock. * Removed the pipeline based Lock implementation in favor of the LuaLock implementation. * Only bytes, strings and numbers (ints, longs and floats) are acceptable for keys and values. Previously redis-py attempted to cast other types to str() and store the result. This caused must confusion and frustration when passing boolean values (cast to 'True' and 'False') or None values (cast to 'None'). It is now the user's responsibility to cast all key names and values to bytes, strings or numbers before passing the value to redis-py. * The StrictRedis class has been renamed to Redis. StrictRedis will continue to exist as an alias of Redis for the forseeable future. * The legacy Redis client class has been removed. It caused much confusion to users. * ZINCRBY arguments 'value' and 'amount' have swapped order to match the the Redis server. The new argument order is: keyname, amount, value. * MGET no longer raises an error if zero keys are passed in. Instead an empty list is returned. * MSET and MSETNX now require all keys/values to be specified in a single dictionary argument named mapping. This was changed to allow for future options to these commands in the future. * ZADD now requires all element names/scores be specified in a single dictionary argument named mapping. This was required to allow the NX, XX, CH and INCR options to be specified. OTHER CHANGES * Added missing DECRBY command. * CLUSTER INFO and CLUSTER NODES respones are now properly decoded to strings. * Added a 'locked()' method to Lock objects. This method returns True if the lock has been acquired and owned by the current process, otherwise False. * EXISTS now supports multiple keys. It's return value is now the number of keys in the list that exist. * Ensure all commands can accept key names as bytes. This fixes issues with BLPOP, BRPOP and SORT. * All errors resulting from bad user input are raised as DataError exceptions. DataError is a subclass of RedisError so this should be transparent to anyone previously catching these. * Added support for NX, XX, CH and INCR options to ZADD * Added support for the MIGRATE command * Added support for the MEMORY USAGE and MEMORY PURGE commands. * Added support for the 'asynchronous' argument to FLUSHDB and FLUSHALL commands. * Added support for the BITFIELD command. * Improved performance on pipeline requests with large chunks of data. * Fixed test suite to not fail if another client is connected to the server the tests are running against. * Added support for SWAPDB. * Added support for all STREAM commands. * SHUTDOWN now accepts the 'save' and 'nosave' arguments. * Added support for ZPOPMAX, ZPOPMIN, BZPOPMAX, BZPOPMIN. * Added support for the 'type' argument in CLIENT LIST. * Added support for CLIENT PAUSE. * Added support for CLIENT ID and CLIENT UNBLOCK. * GEODIST now returns a None value when referencing a place that does not exist. * Added a ping() method to pubsub objects. * Fixed a bug with keys in the INFO dict that contained ':' symbols. * ssl_cert_reqs now has a default value of 'required' by default. This should make connecting to a remote Redis server over SSL more secure. * max_connections is now a valid querystring argument for creating connection pools from URLs. * Added the UNLINK command. * Added socket_type option to Connection for configurability. * Lock.do_acquire now atomically sets acquires the lock and sets the expire value via set(nx=True, px=timeout). * Added 'count' argument to SPOP. * Fixed an issue parsing client_list respones that contained an '='. * Fix rounding issues with geolocation, it is not stable enought to produce pinpoint equal results among 32bit platforms * Run tests by launching redis server * Require redis on runtime redis: - Update to version 6.0.8 (jsc#PM-1615, jsc#PM-1622, jsc#PM-1681, jsc#ECO-2867, jsc#PM-1547, jsc#CAPS-56, jsc#SLE-11578, jsc#SLE-12821) * bug fixes when using with Sentinel * bug fixes when using CONFIG REWRITE * Remove THP warning when set to madvise * Allow EXEC with read commands on readonly replica in cluster * Add masters/replicas options to redis-cli --cluster call command * CONFIG SET could hung the client when arrives during RDB/ROF loading * LPOS command when RANK is greater than matches responded with broken protocol * Add oom-score-adj configuration option to control Linux OOM killer * Show IO threads statistics and status in INFO output * Add optional tls verification mode (see tls-auth-clients) * Fix crash when enabling CLIENT TRACKING with prefix * EXEC always fails with EXECABORT and multi-state is cleared * RESTORE ABSTTL won't store expired keys into the db * redis-cli better handling of non-pritable key names * TLS: Ignore client cert when tls-auth-clients off * Tracking: fix invalidation message on flush * Notify systemd on Sentinel startup * Fix crash on a misuse of STRALGO * Fix a few rare leaks (STRALGO error misuse, Sentinel) * Fix a possible invalid access in defrag of scripts * Add LPOS command to search in a list * Use user+pass for MIGRATE in redis-cli and redis-benchmark in cluster mode * redis-cli support TLS for --pipe, --rdb and --replica options * TLS: Session caching configuration support * Fix handling of speical chars in ACL LOAD * Make Redis Cluster more robust about operation errors that may lead to two clusters to mix together * Revert the sendfile() implementation of RDB transfer * Fix TLS certificate loading for chained certificates * Fix AOF rewirting of KEEPTTL SET option * Fix MULTI/EXEC behavior during -BUSY script errors * fix a severe replication bug introduced in Redis 6 by the 'meaningful offset' feature * fix a crash introduced in 6.0.2 * fix to client side caching when keys are evicted from the tracking table but no notifications are sent * add BR pkgconfig(libsystemd) for the rewritten systemd support and force building with it * XCLAIM AOF/replicas propagation fixed. * Client side caching: new NOLOOP option to avoid getting notified about changes performed by ourselves. * ACL GENPASS now uses HMAC-SHA256 and have an optional 'bits' argument. It means you can use it as a general purpose 'secure random strings' primitive! * Cluster 'SLOTS' subcommand memory optimization. * The LCS command is now a subcommand of STRALGO. * Meaningful offset for replicas as well. More successful partial resynchronizations. * Optimize memory usage of deferred replies. * Faster CRC64 algorithm for faster RDB loading. * XINFO STREAM FULL, a new subcommand to get the whole stream state. * CLIENT KILL USER . * MIGRATE AUTH2 option, for ACL style authentication support. * use libatomic also on ppc * add hash file from redis-hashes and verify it during build ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3767-1 Released: Fri Dec 11 16:06:22 2020 Summary: Recommended update for apache-commons-el Type: recommended Severity: low References: 1179637 This update for apache-commons-el fixes the following issues: - Provide missing update dependencies for apache-commons-el. (bsc#1179637) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3783-1 Released: Mon Dec 14 12:02:48 2020 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1143913,1176943,1177928 This update fixes the following issues: golang-github-prometheus-alertmanager: - Fix building amtool (bsc#1176943) - Fix permissions for /var/lib/prometheus to match golang-github-prometheus-prometheus package. Otherwise the install check will fail. - Update to 0.21.0 + Changes: * [HipChat] Remove HipChat integration as it is end-of-life. #2282 * [amtool] Remove default assignment of environment variables. #2161 * [PagerDuty] Enforce 512KB event size limit. #2225 + Enhancements: * [amtool] Add cluster command to show cluster and peer statuses. #2256 * Add redirection from / to the routes prefix when it isn't empty. #2235 * [Webhook] Add max_alerts option to limit the number of alerts included in the payload. #2274 * Improve logs for API v2, notifications and clustering. #2177 #2188 #2260 #2261 #2273 + Bugfixes: * Fix child routes not inheriting their parent route's grouping when group_by: [...]. * [UI] Fix the receiver selector in the Alerts page when the receiver name contains regular expression metacharacters such as +. * Fix error message about start and end time validation. #2173 * Fix a potential race condition in dispatcher. #2208 * [API v2] Return an empty array of peers when the clustering is disabled. #2203 * Fix the registration of alertmanager_dispatcher_aggregation_groups and alertmanager_dispatcher_alert_processing_duration_seconds metrics. * Always retry notifications with back-off. #2290 - Remove rpm group - Update to build with go1.14 for Factory (Tumbleweed) - Refresh example config from upstream - Add network-online (Wants and After) dependency to systemd unit bsc#1143913 mgr-daemon: - Fix removal of mgr-deamon with selinux enabled (bsc#1177928) spacecmd: - Fix: make spacecmd build on Debian spacewalk-client-tools: - Update translations spacewalk-koan: - Adjust ownership of some tests files to fix them supportutils-plugin-susemanager-client: - Remove checks for obsolete packages - Gather new configfiles - Add more important informations zypp-plugin-spacewalk: - Support 'allow vendor change' for dist upgrades ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:333-1 Released: Mon Feb 8 10:31:48 2021 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1176823,1177884,1179555,1179566 This update fixes the following issues: golang-github-prometheus-alertmanager: - Exclude s390 architecture - Update packaging * Remove systemd and shadow hard requirements * use the system user provided by the system-user-prometheus subpackge * add 'prometheus-alertmanager' package alias golang-github-prometheus-prometheus: - Update to upstream version 2.22.1 - Update packaging * Remove systemd and shadow hard requirements * use systemd-sysusers to configure the user in a dedicated 'system-user-prometheus' subpackage * add 'prometheus' package alias grafana: - Update packaging * avoid systemd and shadow hard requirements * Require the user from a new dedicated 'system-user-grafana' sibling package * avoid pinning to a specific Go version in the spec file - Update to version 7.3.1: * Breaking changes - CloudWatch: The AWS CloudWatch data source's authentication scheme has changed. See the upgrade notes for details and how this may affect you. - Units: The date time units `YYYY-MM-DD HH:mm:ss` and `MM/DD/YYYY h:mm:ss a` have been renamed to `Datetime ISO` and `Datetime US` respectively. * Features / Enhancements - AzureMonitor: Support decimal (as float64) type in analytics/logs. - Add monitoring mixing for Grafana. - CloudWatch: Missing Namespace AWS/EC2CapacityReservations. - CloudWatch: Add support for AWS DirectConnect virtual interface metrics and add missing dimensions. - CloudWatch: Adding support for Amazon ElastiCache Redis metrics. - CloudWatch: Adding support for additional Amazon CloudFront metrics. - CloudWatch: Re-implement authentication. - Elasticsearch: Support multiple pipeline aggregations for a query. - Prometheus: Add time range parameters to labels API. - Loki: Visually distinguish error logs for LogQL2. - Api: Add /healthz endpoint for health checks. - API: Enrich add user to org endpoints with user ID in the response. - API: Enrich responses and improve error handling for alerting API endpoints. - Elasticsearch: Add support for date_nanos type. - Elasticsearch: Allow fields starting with underscore. - Elasticsearch: Increase maximum geohash aggregation precision to 12. - Postgres: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - Provisioning: Remove provisioned dashboards without parental reader. - API: Return ID of the deleted resource for dashboard, datasource and folder DELETE endpoints. - API: Support paging in the admin orgs list API. - API: return resource ID for auth key creation, folder permissions update and user invite complete endpoints. - BackendSrv: Uses credentials, deprecates withCredentials & defaults to same-origin. - CloudWatch: Update list of AmazonMQ metrics and dimensions. - Cloudwatch: Add Support for external ID in assume role. - Cloudwatch: Add af-south-1 region. - DateFormats: Default ISO & US formats never omit date part even if date is today (breaking change). - Explore: Transform prometheus query to elasticsearch query. - InfluxDB/Flux: Increase series limit for Flux datasource. - InfluxDB: exclude result and table column from Flux table results. - InfluxDB: return a table rather than an error when timeseries is missing time. - Loki: Add scopedVars support in legend formatting for repeated variables. - Loki: Re-introduce running of instant queries. - Loki: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - MixedDatasource: Shows retrieved data even if a data source fails. - Postgres: Support Unix socket for host. - Prometheus: Add scopedVars support in legend formatting for repeated variables. - Prometheus: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - Prometheus: add $__rate_interval variable. - Table: Adds column filtering. - grafana-cli: Add ability to read password from stdin to reset admin password. - Variables: enables cancel for slow query variables queries. - AzureMonitor: fix panic introduced in 7.1.4 when unit was unspecified and alias was used. - TextPanel: Fix content overflowing panel boundaries. - Fix golang version = 1.14 to avoid dependency conflicts on some OBS projects - Update to version 7.0.0 * Remove phantomJS patch from Makefile mgr-osad: - Change the log file permissions as expected by logrotate (bsc#1177884) spacecmd: - Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823) - Added '-r REVISION' option to the 'configchannel_updateinitsls' command (bsc#1179566) - Fix: internal: workaround for future tee of logs translation uyuni-common-libs: - Section in Debian packages in now treated as optional (bsc#1179555) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:644-1 Released: Fri Feb 26 11:21:54 2021 Summary: Recommended Beta update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1180583,1180585 This update fixes the following issues: spacecmd: - Deprecated 'Software Crashes' feature - Document advanced package search on '--help' (bsc#1180583) - Fixed advanced search on 'package_listinstalledsystems' - Fixed duplicate results when using multiple search criteria (bsc#1180585) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2664-1 Released: Thu Aug 12 12:02:29 2021 Summary: Security update for golang-github-prometheus-prometheus Type: security Severity: moderate References: 1186242,CVE-2021-29622 This update for golang-github-prometheus-prometheus fixes the following issues: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE SLE15, SLE15 SP1, SLE15 SP2 - Upgrade to upstream version 2.27.1 (jsc#SLE-18254) + Bugfix: * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) + Features: * Promtool: Retroactive rule evaluation functionality. #7675 * Configuration: Environment variable expansion for external labels. Behind --enable-feature=expand-external-labels flag. #8649 * TSDB: Add a flag(--storage.tsdb.max-block-chunk-segment-size) to control the max chunks file size of the blocks for small Prometheus instances. * UI: Add a dark theme. #8604 * AWS Lightsail Discovery: Add AWS Lightsail Discovery. #8693 * Docker Discovery: Add Docker Service Discovery. #8629 * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. #8761 * Remote Write: Send exemplars via remote write. Experimental and disabled by default. #8296 + Enhancements: * Digital Ocean Discovery: Add __meta_digitalocean_vpc label. #8642 * Scaleway Discovery: Read Scaleway secret from a file. #8643 * Scrape: Add configurable limits for label size and count. #8777 * UI: Add 16w and 26w time range steps. #8656 * Templating: Enable parsing strings in humanize functions. #8682 + Bugfixes: * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659 * TSDB: Do not panic when writing very large records to the WAL. #8790 * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723 * Scaleway Discovery: Fix nil pointer dereference. #8737 * Consul Discovery: Restart no longer required after config update with no targets. #8766 - Add tarball with vendor modules and web assets - Uyuni: Read formula data from exporters map - Uyuni: Add support for TLS targets - Upgrade to upstream version 2.26.0 + Changes * Alerting: Using Alertmanager v2 API by default. #8626 * Prometheus/Promtool: Binaries are now printing help and usage to stdout instead of stderr. #8542 + Features * Remote: Add support for AWS SigV4 auth method for remote_write. #8509 * PromQL: Allow negative offsets. Behind --enable-feature=promql-negative-offset flag. #8487 * UI: Add advanced auto-completion, syntax highlighting and linting to graph page query input. #8634 + Enhancements * PromQL: Add last_over_time, sgn, clamp functions. #8457 * Scrape: Add support for specifying type of Authorization header credentials with Bearer by default. #8512 * Scrape: Add follow_redirects option to scrape configuration. #8546 * Remote: Allow retries on HTTP 429 response code for remote_write. #8237 #8477 * Remote: Allow configuring custom headers for remote_read. #8516 * UI: Hitting Enter now triggers new query. #8581 * UI: Better handling of long rule and names on the /rules and /targets pages. #8608 #8609 * UI: Add collapse/expand all button on the /targets page. #8486 - Upgrade to upstream version 2.25.0 + Features * Include a new `--enable-feature=` flag that enables experimental features. + Enhancements * Add optional name property to testgroup for better test failure output. #8440 * Add warnings into React Panel on the Graph page. #8427 * TSDB: Increase the number of buckets for the compaction duration metric. #8342 * Remote: Allow passing along custom remote_write HTTP headers. #8416 * Mixins: Scope grafana configuration. #8332 * Kubernetes SD: Add endpoint labels metadata. #8273 * UI: Expose total number of label pairs in head in TSDB stats page. #8343 * TSDB: Reload blocks every minute, to detect new blocks and enforce retention more often. #8343 + Bug fixes * API: Fix global URL when external address has no port. #8359 * Deprecate unused flag --alertmanager.timeout. #8407 - Upgrade to upstream version 2.24.1 + Enhancements * Cache basic authentication results to significantly improve performance of HTTP endpoints. - Upgrade to upstream version 2.24.0 + Features * Add TLS and basic authentication to HTTP endpoints. #8316 * promtool: Add check web-config subcommand to check web config files. #8319 * promtool: Add tsdb create-blocks-from openmetrics subcommand to backfill metrics data from an OpenMetrics file. + Enhancements * HTTP API: Fast-fail queries with only empty matchers. #8288 * HTTP API: Support matchers for labels API. #8301 * promtool: Improve checking of URLs passed on the command line. #7956 * SD: Expose IPv6 as a label in EC2 SD. #7086 * SD: Reuse EC2 client, reducing frequency of requesting credentials. #8311 * TSDB: Add logging when compaction takes more than the block time range. #8151 * TSDB: Avoid unnecessary GC runs after compaction. #8276 - Upgrade to upstream version 2.23.0 + Changes * UI: Make the React UI default. #8142 * Remote write: The following metrics were removed/renamed in remote write. #6815 > prometheus_remote_storage_succeeded_samples_total was removed and prometheus_remote_storage_samples_total was introduced for all the samples attempted to send. > prometheus_remote_storage_sent_bytes_total was removed and replaced with prometheus_remote_storage_samples_bytes_total and prometheus_remote_storage_metadata_bytes_total. > prometheus_remote_storage_failed_samples_total -> prometheus_remote_storage_samples_failed_total . > prometheus_remote_storage_retried_samples_total -> prometheus_remote_storage_samples_retried_total. > prometheus_remote_storage_dropped_samples_total -> prometheus_remote_storage_samples_dropped_total. > prometheus_remote_storage_pending_samples -> prometheus_remote_storage_samples_pending. * Remote: Do not collect non-initialized timestamp metrics. #8060 + Enhancements * Remote write: Added a metric prometheus_remote_storage_max_samples_per_send for remote write. #8102 * TSDB: Make the snapshot directory name always the same length. #8138 * TSDB: Create a checkpoint only once at the end of all head compactions. #8067 * TSDB: Avoid Series API from hitting the chunks. #8050 * TSDB: Cache label name and last value when adding series during compactions making compactions faster. #8192 * PromQL: Improved performance of Hash method making queries a bit faster. #8025 * promtool: tsdb list now prints block sizes. #7993 * promtool: Calculate mint and maxt per test avoiding unnecessary calculations. #8096 * SD: Add filtering of services to Docker Swarm SD. #8074 - Uyuni: `hostname` label is now set to FQDN instead of IP - Update to upstream version 2.22.1 - Update packaging * Remove systemd and shadow hard requirements * use systemd-sysusers to configure the user in a dedicated 'system-user-prometheus' subpackage * add 'prometheus' package alias + Add support for Prometheus exporters proxy - Remove prometheus.firewall.xml source file - Remove firewalld files. They are installed in the main firewalld package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2667-1 Released: Thu Aug 12 12:03:18 2021 Summary: Recommended update for system-user-prometheus Type: recommended Severity: moderate References: This recommended update for system-user-prometheus provides the following fixes: - Provide the user and group 'prometheus' to SUSE Enterprise Storage 6 needed by 'golang-github-prometheus-prometheus' (jsc#SLE-18254) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2675-1 Released: Thu Aug 12 12:05:11 2021 Summary: Security update for SUSE Manager Client Tools Type: security Severity: moderate References: 1175478,1186242,1186508,1186581,1186650,1188846,CVE-2021-27962,CVE-2021-28146,CVE-2021-28147,CVE-2021-28148,CVE-2021-29622 This update fixes the following issues: ansible: - The support level for ansible is l2, not l3 dracut-saltboot: - Force installation of libexpat.so.1 (bsc#1188846) - Use kernel parameters from PXE formula also for local boot golang-github-prometheus-prometheus: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE Linux Enterprise 15, 15 SP1, 15 SP2 - Upgrade to upstream version 2.27.1 (jsc#SLE-18254) + Bugfix: * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659 * TSDB: Do not panic when writing very large records to the WAL. #8790 * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723 * Scaleway Discovery: Fix nil pointer dereference. #8737 * Consul Discovery: Restart no longer required after config update with no targets. #8766 + Features: * Promtool: Retroactive rule evaluation functionality. * Configuration: Environment variable expansion for external labels. Behind '--enable-feature=expand-external-labels' flag. * Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for small Prometheus instances. * UI: Add a dark theme. * AWS Lightsail Discovery: Add AWS Lightsail Discovery. * Docker Discovery: Add Docker Service Discovery. * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. * Remote Write: Send exemplars via remote write. Experimental and disabled by default. + Enhancements: * Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label. * Scaleway Discovery: Read Scaleway secret from a file. * Scrape: Add configurable limits for label size and count. * UI: Add 16w and 26w time range steps. * Templating: Enable parsing strings in humanize functions. - Update package with changes from `server:monitoring` (bsc#1175478) Left out removal of 'firewalld' related configuration files as SUSE Linux Enterprise 15-SP1's `firewalld` package does not contain 'prometheus' configuration yet. mgr-cfg: - No visible impact for the user mgr-custom-info: - No visible impact for the user mgr-osad: - No visible impact for the user mgr-push: - No visible impact for the user mgr-virtualization: - No visible impact for the user rhnlib: - No visible impact for the user spacecmd: - Make spacecmd aware of retracted patches/packages - Enhance help for installation types when creating distributions (bsc#1186581) - Parse empty argument when nothing in between the separator spacewalk-client-tools: - Update translation strings spacewalk-koan: - Fix for spacewalk-koan tests after switching to the new Docker images spacewalk-oscap: - No visible impact for the user suseRegisterInfo: - No visible impact for the user uyuni-common-libs: - Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650) - Maintainer field in debian packages are only recommended (bsc#1186508) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3166-1 Released: Mon Sep 20 17:25:05 2021 Summary: Feature update for SUSE Manager 4.2.2 Proxy Type: feature Severity: moderate References: This update provides the following package to SUSE Manager 4.2.2 Proxy golang-github-prometheus-prometheus: - golang-github-prometheus-prometheus is added to SUSE Manager Proxy as L3 supported. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3168-1 Released: Mon Sep 20 17:25:42 2021 Summary: Feature update for SUSE Manager 4.2.2 Proxy and Server Type: feature Severity: moderate References: This update provides the following package to SUSE Manager 4.2.2 Proxy python-pyvmomi: - python-pyvmomi is added to SUSE Manager Proxy as L3 supported. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3169-1 Released: Mon Sep 20 17:26:07 2021 Summary: Feature update for SUSE Manager 4.2.2 Proxy and Server Type: feature Severity: moderate References: This update provides the following packages to SUSE Manager 4.2.2 Proxy and Server: ansible: - ansible and ansible-doc are added to SUSE Manager Proxy as L2 supported golang-github-prometheus-alertmanager: - golang-github-prometheus-alertmanager is added to SUSE Manager Proxy as L3 supported python-python-memcached: - python-python-memcached is added to SUSE Manager Proxy as L3 supported python-redis: - python-redis is added to SUSE Manager Proxy as L3 supported system-user-prometheus: - system-user-prometheus is added to SUSE Manager Proxy as L3 supported ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3262-1 Released: Thu Sep 30 11:39:15 2021 Summary: Feature update for SUSE Manager 4.1.11 Proxy Type: feature Severity: moderate References: This update provides the following packages to SUSE Manager 4.1.11 Proxy golang-github-prometheus-prometheus: - golang-github-prometheus-prometheus is added to SUSE Manager Proxy as L3 supported ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3263-1 Released: Thu Sep 30 11:39:37 2021 Summary: Feature update for SUSE Manager 4.1.11 Proxy Type: feature Severity: moderate References: This update provides the following packages to SUSE Manager 4.1.11 Proxy golang-github-prometheus-alertmanager: - golang-github-prometheus-alertmanager is added to SUSE Manager Proxy as L3 supported system-user-prometheus: - system-user-prometheus is added to SUSE Manager Proxy as L3 supported ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3924-1 Released: Fri Dec 3 14:20:03 2021 Summary: Feature update for golang-github-prometheus-alertmanager Type: feature Severity: moderate References: 1143913,1176943 This feature update for golang-github-prometheus-alertmanager fixes the following issue: Provide version 0.21.0 of golang-github-prometheus-alertmanager (jsc#SLE-21859) - Exclude s390 architecture - Remove systemd and shadow hard requirements - Use the system user provided by the 'system-user-prometheus' subpackge - Add 'prometheus-alertmanager' package alias - Fix building amtool (bsc#1176943) - Fix permissions for '/var/lib/prometheus' to match 'golang-github-prometheus-prometheus' package and avoid installation checks failures - Remove HipChat integration as it is end-of-life. - Remove default assignment of environment variables. - Enforce 512KB event size limit. - Add cluster command to show cluster and peer statuses. - Add redirection from '/' to the routes prefix when it isn't empty. - Add 'max_alerts' option to limit the number of alerts included in the payload. - Improve logs for API v2, notifications and clustering. - Fix child routes not inheriting their parent route's grouping when 'group_by: [...]'. - Fix the receiver selector in the Alerts page when the receiver name contains regular expression metacharacters such as '+'. - Fix error message about start and end time validation. - Fix a potential race condition in dispatcher. - Return an empty array of peers when the clustering is disabled. - Fix the registration of 'alertmanager_dispatcher_aggregation_groups' and 'alertmanager_dispatcher_alert_processing_duration_seconds' metrics. - Always retry notifications with back-off. - Update to build with go1.14 - Refresh example config from upstream - Add 'network-online' (Wants and After) dependency to systemd unit (bsc#1143913) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3925-1 Released: Fri Dec 3 14:20:36 2021 Summary: Feature update for SUSE Manager Client Tools Type: feature Severity: moderate References: 1191194 This update fixes the following issues: prometheus-blackbox_exporter: - Provide 'prometheus-blackbox_exporter' version 0.19.0 (jsc#SLE-22351) - Use '%set_permissions' and '%verify_permissions' for SUSE Linux Enterprise 12 (bsc#1191194) - Set 'CAP_NET_RAW' capability to allow ICMP requests grafana: - Add URL to package source code in the login page footer spacecmd: - Update translation strings spacewalk-client-tools: - Update translation strings zypp-plugin-spacewalk: - Use proxy configured in 'up2date' config when it is defined - Added RHEL8 build. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:446-1 Released: Wed Feb 16 16:25:01 2022 Summary: Feature update for venv-salt-minion Type: feature Severity: moderate References: 1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-9015,CVE-2017-18342,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426 This feature update for venv-salt-minion provides the following changes: - Introduce `venv-salt-minion`. - Track already fixed issues. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:595-1 Released: Mon Feb 28 16:55:47 2022 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1192487,1193600 This update fixes the following issues: ansible: - Require python macros for building mgr-cfg: - Version 4.2.6-1 * Do not build python 2 package for SLE15SP4 and higher - Version 4.2.5-1 * do not build python 2 package for SLE15 - Version 4.2.4-1 * Fix python selinux package name depending on build target (bsc#1193600) mgr-custom-info: - Version 4.2.3-1 * require python macros for building mgr-osad: - Version 4.2.7-1 * Do not build python 2 package for SLE15SP4 and higher * require python macros for building mgr-push: - Version 4.2.4-1 * Do not build python 2 package for SLE15SP4 and higher mgr-virtualization: - Version 4.2.3-1 * Do not build python 2 package for SLE15SP4 and higher * require python macros for building rhnlib: - Version 4.2.5-1 * do not build python 2 package for SLE15 spacecmd: - Version 4.2.15-1 * require python macros for building spacewalk-client-tools: - Version 4.2.16-1 * do not build python 2 package for SLE15 * require python macros for building spacewalk-koan: - Version 4.2.5-1 * Do not build python 2 package for SLE15SP4 and higher spacewalk-oscap: - Version 4.2.3-1 * Do not build python 2 package for SLE15SP4 and higher * require python macros for building spacewalk-remote-utils: - Version 4.2.2-1 * require python macros for building suseRegisterInfo: - Version 4.2.5-1 * require python macros for building * Do not build python 2 package for SLE15 and higher uyuni-common-libs: - Version 4.2.6-1 * Read modularity data from DISTTAG tag as fallback (bsc#1192487) * require python macros for building zypp-plugin-spacewalk: - 1.0.11 * require python macros for building ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:599-1 Released: Mon Feb 28 16:59:39 2022 Summary: Feature update for golang-github-prometheus-prometheus Type: feature Severity: moderate References: 1181400 This feature update for golang-github-prometheus-prometheus provides the following changes: Upgrade `golang-github-prometheus-prometheus` from version 2.27.1 to version 2.32.1: (jsc#SLE-22863) - Use `obs-service-go_modules` - Added hardening to systemd service(s). Modified `prometheus.service` (bsc#1181400) - Bugfixes: * Scrape: Fix reporting metrics when sample limit is reached during the report. * Scrape: Ensure that scrape interval and scrape timeout are always set. * TSDB: Expose and fix bug in iterators' Seek() method. * TSDB: Add more size checks when writing individual sections in the index. * PromQL: Make deriv() return zero values for constant series. * TSDB: Fix panic when checkpoint directory is empty. #9687 * TSDB: Fix panic, out of order chunks, and race warning during WAL replay. * UI: Correctly render links for targets with IPv6 addresses that contain a Zone ID. * Promtool: Fix checking of `authorization.credentials_file` and `bearer_token_file` fields. * Uyuni SD: Fix null pointer exception during initialization. * TSDB: Fix queries after a failed snapshot replay. * SD: Fix a panic when the experimental discovery manager receives targets during a reload. * Backfill: Apply rule labels after query labels. * Scrape: Resolve conflicts between multiple exported label prefixes. * Scrape: Restart scrape loops when __scrape_interval__ is changed. * TSDB: Fix memory leak in samples deletion. * UI: Use consistent margin-bottom for all alert kinds. * TSDB: Fix panic on failed snapshot replay. * TSDB: Don't fail snapshot replay with exemplar storage disabled when the snapshot contains exemplars. * TSDB: Don't error on overlapping m-mapped chunks during WAL replay. * promtool rules backfill: Prevent creation of data before the start time. * promtool rules backfill: Do not query after the end time. * Azure SD: Fix panic when no computername is set. * Exemplars: Fix panic when resizing exemplar storage from 0 to a non-zero size. * TSDB: Correctly decrement `prometheus_tsdb_head_active_appenders` when the append has no samples. * promtool rules backfill: Return 1 if backfill was unsuccessful. * promtool rules backfill: Avoid creation of overlapping blocks. * config: Fix a panic when reloading configuration with a null relabel action. * Fix Kubernetes SD failing to discover Ingress in Kubernetes v1.22. * Fix data race in loading write-ahead-log (WAL). * TSDB: align atomically accessed int64 to prevent panic in 32-bit archs. * Log when total symbol size exceeds 2^32 bytes, causing compaction to fail, and skip compaction. * Fix incorrect target_limit reloading of zero value. * Fix head GC and pending readers race condition. * Fix timestamp handling in OpenMetrics parser. * Fix potential duplicate metrics in /federate endpoint when specifying multiple matchers. * Fix server configuration and validation for authentication via client cert. * Allow start and end again as label names in PromQL queries. They were disallowed since the introduction of @ timestamp feature. * HTTP SD: Allow charset specification in Content-Type header. * HTTP SD: Fix handling of disappeared target groups. * Fix incorrect log-level handling after moving to go-kit/log. * UI: In the experimental PromQL editor, fix autocompletion and parsing for special float values and improve series metadata fetching. * TSDB: When merging chunks, split resulting chunks if they would contain more than the maximum of 120 samples. * SD: Fix the computation of the `prometheus_sd_discovered_targets` metric when using multiple service discoveries. - Change: * remote-write: Change default max retry time from 100ms to 5 seconds. * UI: Remove standard PromQL editor in favour of the codemirror-based editor. * Promote `--storage.tsdb.allow-overlapping-blocks` flag to stable. * Promote `--storage.tsdb.retention.size` flag to stable. * UI: Make the new experimental PromQL editor the default. - Features: * Agent: New mode of operation optimized for remote-write only scenarios, without local storage. * Promtool: Add promtool check service-discovery command. * PromQL: Add trigonometric functions and atan2 binary operator. * Remote: Add support for exemplar in the remote write receiver endpoint. * SD: Add PuppetDB service discovery. * SD: Add Uyuni service discovery. * Web: Add support for security-related HTTP headers. * experimental TSDB: Snapshot in-memory chunks on shutdown for faster restarts. * experimental Scrape: Configure scrape interval and scrape timeout via relabeling using `__scrape_interval__` and `__scrape_timeout__` labels respectively. * Scrape: Add scrape_timeout_seconds and scrape_sample_limit metric. * Add Kuma service discovery. * Add present_over_time PromQL function. * Allow configuring exemplar storage via file and make it reloadable. * UI: Allow selecting time range with mouse drag. * promtool: Add feature flags flag `--enable-feature`. * promtool: Add `file_sd` file validation. * Linode SD: Add Linode service discovery. * HTTP SD: Add generic HTTP-based service discovery. * Kubernetes SD: Allow configuring API Server access via a kubeconfig file. * UI: Add exemplar display support to the graphing interface. * Consul SD: Add namespace support for Consul Enterprise. - Enhancements: * Promtool: Improve test output. * Promtool: Use kahan summation for better numerical stability. * Remote-write: Reuse memory for marshalling. * Scrape: Add scrape_body_size_bytes scrape metric behind the `--enable-feature=extra-scrape-metrics` flag. * TSDB: Add windows arm64 support. * TSDB: Optimize query by skipping unneeded sorting in TSDB. * Templates: Support int and uint as datatypes for template formatting. * UI: Prefer rate over rad, delta over deg, and count over cos in autocomplete. * Azure SD: Add proxy_url, follow_redirects, tls_config. * Backfill: Add `--max-block-duration` in promtool `create-blocks-from` rules. * Config: Print human-readable sizes with unit instead of raw numbers. * HTTP: Re-enable HTTP/2. * Kubernetes SD: Warn user if number of endpoints exceeds limit. * OAuth2: Add TLS configuration to token requests. * PromQL: Several optimizations. * PromQL: Make aggregations deterministic in instant queries. * Rules: Add the ability to limit number of alerts or series. * SD: Experimental discovery manager to avoid restarts upon reload. * UI: Debounce timerange setting changes. * Remote Write: Redact remote write URL when used for metric label. * UI: Redact remote write URL and proxy URL passwords in the /config page. * Scrape: Add --scrape.timestamp-tolerance flag to adjust scrape timestamp tolerance when enabled via `--scrape.adjust-timestamps`. * Remote Write: Improve throughput when sending exemplars. * TSDB: Optimise WAL loading by removing extra map and caching min-time * promtool: Speed up checking for duplicate rules. * Scrape: Reduce allocations when parsing the metrics. * docker_sd: Support host network mode * Reduce blocking of outgoing remote write requests from series garbage collection. * Improve write-ahead-log decoding performance. * Improve append performance in TSDB by reducing mutexes usage. * Allow configuring max_samples_per_send for remote write metadata. * Add `__meta_gce_interface_ipv4_` meta label to GCE discovery. * Add `__meta_ec2_availability_zone_id` meta label to EC2 discovery. * Add `__meta_azure_machine_computer_name` meta label to Azure discovery. * Add `__meta_hetzner_hcloud_labelpresent_` meta label to Hetzner discovery. * promtool: Add compaction efficiency to promtool tsdb analyze reports. * promtool: Allow configuring max block duration for backfilling via `--max-block-duration` flag. * UI: Add sorting and filtering to flags page. * UI: Improve alerts page rendering performance. * Promtool: Allow silencing output when importing / backfilling data. * Consul SD: Support reading tokens from file. * Rules: Add a new .ExternalURL alert field templating variable, containing the external URL of the Prometheus server. * Scrape: Add experimental body_size_limit scrape configuration setting to limit the allowed response body size for target scrapes. * Kubernetes SD: Add ingress class name label for ingress discovery. * UI: Show a startup screen with progress bar when the TSDB is not ready yet. * SD: Add a target creation failure counter `prometheus_target_sync_failed_total` and improve target creation failure handling. * TSDB: Improve validation of exemplar label set length. * TSDB: Add a prometheus_tsdb_clean_start metric that indicates whether a TSDB lockfile from a previous run still existed upon startup. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:796-1 Released: Thu Mar 10 12:16:15 2022 Summary: Recommended update for golang-github-prometheus-prometheus Type: recommended Severity: moderate References: 1196300 This update for golang-github-prometheus-prometheus fixes the following issues: - Fix Firewalld configuration file location (bsc#1196300) - Require Go 1.16+ - Do not build on s390 architecture. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:797-1 Released: Thu Mar 10 12:16:39 2022 Summary: Recommended update for zypp-plugin-spacewalk Type: recommended Severity: moderate References: This update for zypp-plugin-spacewalk fixes the following issues: zypp-plugin-spacewalk: - Update to version 1.0.12 * use new encoding function if available ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1435-1 Released: Wed Apr 27 14:34:27 2022 Summary: Security update for firewalld, golang-github-prometheus-prometheus Type: security Severity: important References: 1196338,1197042,CVE-2022-21698 This update for firewalld, golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods (bsc#1196338). Other non security changes for golang-github-prometheus-prometheus: - Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`. - Only recommends `firewalld-prometheus-config` as prometheus does not require it to run. - Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375) Other non security changes for firewalld: - Provide dummy `firewalld-prometheus-config` package (bsc#1197042) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1500-1 Released: Tue May 3 09:31:40 2022 Summary: Recommended updates for jetty-artifact-remote-resources, jboss-logging Type: recommended Severity: low References: 1197642 This update for jetty-artifact-remote-resources, jboss-logging fixes the following issues: - Do not require mvn(log4j:log4j) for build. (bsc#1197642) - Do not build against the log4j12 packages. - Update jboss-logging to 3.4.1 ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:2042-1 Released: Fri Jun 10 11:56:06 2022 Summary: Feature update for SUSE Manager Salt Bundle Type: feature Severity: important References: 1182851,1194632,1196050,1196432,1197417,1197637,1198556,1199149,CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 This update fixes the following issues: venv-salt-minion: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. - Salt version bump to 3004 - Python version bump to 3.10.2 - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Restrict 'state.orchestrate_single' to pass a pillar value if it exists (bsc#1194632) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2118-1 Released: Mon Jun 20 13:04:15 2022 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1181223,1190462,1193600,1196704,1197507,1197689 This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Adapted to build on Enterprise Linux. - Fix build for RedHat 7 - Require Go >= 1.14 also for CentOS - Add support for CentOS - Replace %{?systemd_requires} with %{?systemd_ordering} mgr-cfg: - Version 4.3.6-1 * Corrected source URL in spec file * Fix installation problem for SLE15SP4 due missing python-selinux * Fix python selinux package name depending on build target (bsc#1193600) * Do not build python 2 package for SLE15SP4 and higher * Remove unused legacy code mgr-custom-info: - Version 4.3.3-1 * Remove unused legacy code mgr-daemon: - Version 4.3.4-1 * Corrected source URLs in spec file. * Update translation strings mgr-osad: - Version 4.3.6-1 * Corrected source URL in spec file. * Do not build python 2 package for SLE15SP4 and higher * Removed spacewalk-selinux dependencies. * Updated source url. mgr-push: - Version 4.3.4-1 * Corrected source URLs in spec file. mgr-virtualization: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher prometheus-blackbox_exporter: - Enhanced to build on Enterprise Linux 8 prometheus-postgres_exporter: - Updated for RHEL8. python-hwdata: - Require python macros for building rhnlib: - Version 4.3.4-1 * Reorganize python files spacecmd: - Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) spacewalk-client-tools: - Version 4.3.9-1 * Corrected source URLs in spec file. * do not build python 2 package for SLE15 * Remove unused legacy code * Update translation strings spacewalk-koan: - Version 4.3.5-1 * Corrected source URLs in spec file. spacewalk-oscap: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher spacewalk-remote-utils: - Version 4.3.3-1 * Adapt the package for changes in rhnlib supportutils-plugin-susemanager-client: - Version 4.3.2-1 * Add proxy containers config and logs suseRegisterInfo: - Version 4.3.3-1 * Bump version to 4.3.0 supportutils-plugin-salt: - Add support for Salt Bundle uyuni-common-libs: - Version 4.3.4-1 * implement more decompression algorithms for reposync (bsc#1196704) * Reorganize python files * Add decompression of zck files to fileutils ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2136-1 Released: Mon Jun 20 13:45:31 2022 Summary: Recommended update for SUSE Manager 4.3 Release Notes Type: recommended Severity: low References: This update for SUSE Manager 4.3 Release Notes provides the following additions: Release notes for SUSE Manager: - Update to SUSE Manager 4.3.0.1 * Workarounds for some known issues. Release notes for SUSE Manager proxy: - Update to SUSE Manager 4.3.0.1 * Workaround for an upgrade issue of SUSE Manager Proxy 4.2 based on JeOS image to 4.3. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2139-1 Released: Mon Jun 20 14:55:41 2022 Summary: Security update for golang-github-prometheus-alertmanager Type: security Severity: important References: 1181400,1196338,CVE-2022-21698 This update for golang-github-prometheus-alertmanager fixes the following issues: Update golang-github-prometheus-alertmanager from version 0.21.0 to version 0.23.0 (bsc#1196338, jsc#SLE-24077) - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with prometheus/client_golang 1.11.1 - Update required Go version to 1.16 - Use %autosetup macro - Update to version 0.23.0: * Release 0.23.0 * Release 0.23.0-rc.0 * amtool: Detect version drift and warn users (#2672) * Add ability to skip TLS verification for amtool (#2663) * Fix empty isEqual in amtool. (#2668) * Fix main tests (#2670) * cli: add new template render command (#2538) * OpsGenie: refer to alert instead of incident (#2609) * Docs: target_match and source_match are DEPRECATED (#2665) * Fix test not waiting for cluster member to be ready - Add go_modules to _service. - Added hardening to systemd service(s) with a modified prometheus-alertmanager.service (bsc#1181400) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:2488-1 Released: Thu Jul 21 12:15:27 2022 Summary: Feature update for python-python-debian Type: feature Severity: moderate References: This feature update for python-python-debian provides: - Rename python-debian to python-python-debian according to the Python packaging guidelines (jsc#SLE-24672) - Provide python-python-debian version 0.1.44 (jsc#SLE-24672) * Add support for zstd compression in .deb files * Use logging.warning rather than warnings for data problems. * Support for finding files (including changelog.Debian.gz) that are beyond a symlink within the package * Update packaging for zstd compressed .deb code * Annotate binutils build-dep with * Update Standards-Version to 4.6.1 * Various improvements to the round-trip-safe deb822 parser * Support the Files-Included field in debian/copyright * Fix URL for API documentation in README.rst * RTS parser: minor documentation fixes * Declare minimum Python version of 3.5 for most modules except the RTS parser. Add CI testing with Python 3.5 * RTS parser: Handle leading tabs for setting values * RTS parser: Preserve original field case * RTS parser: Expose str type for keys in paragraphs * Use logging for warnings about data that's being read, rather than the warnings module * Fix type checks for mypy 0.910 * Silence lintian complaint about touching the dpkg database in the examples * Add RTS parser to setup.py so that it is installed. * Add copyright attribution for RTS parser * RTS parser: Accept tabs as continuation line marker * Interpretation: Preserve tab as continuation line if used * RTS parser: Make value interpretation tokenization consistent * RTS parser: Add interpretation for Uploaders field * Add contextmanager to DebFile * Added format/comment preserving deb822 parser as debian._deb822_repro. * Add Build-Depends-Arch, Build-Conflicts-Arch to list of relationship fields * In debian.changelog.get_maintainer, cope with unknown UIDs * Numerous enhancements to the deb822.BuildInfo class * Include portability patch for pwd module on Windows * Drop the deb822.BuildInfo.get_debian_suite function * Move re.compile calls out of functions * Revert unintended renaming of Changelog.get_version/set_version * Add a type for .buildinfo files (deb822.BuildInfo) * Add support for SHA1-Download and SHA256-* variants in PdiffIndex class for .diff/Index files * Permit single-character package names in dependency relationship specifications * Update to debhelper-compat (= 13) * Update examples to use #!/usr/bin/python3 * Fix tabs vs spaces in examples. * Provide accessor for source package version for binary packages * Allow debian_support.PackageFile to accept StringIO as well as BytesIO * Change handling of case-insensitive field names to allow Deb822 objects to be serialised * Add SHA265 support to handling of pdiffs * Add support for additional headers for merged pdiffs to PDiffIndex * Add a debian.watch module for parsing watch files * Prevent stripping of last newline in initial lines before changelog files * Add a Copyright.files_excluded field * Allow specifying allow_missing_author when reserializing changelog entries * Drop python2 support (from version 0.1.37) * Add Rules-Requires-Root: no * Parse Built-Using relationship fields * Extend Deb822 parser to allow underscores in the field name * Add accessors for Version objects from Deb822 - Remove superfluous devel dependency for noarch package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2676-1 Released: Thu Aug 4 18:27:49 2022 Summary: Recommended update for patterns-suse-manager Type: recommended Severity: critical References: 1202142 This update for patterns-suse-manager fixes the following issues: - Strictly require OpenJDK 11. (bsc#1202142) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3172-1 Released: Thu Sep 8 09:29:28 2022 Summary: Security update for SUSE Manager Salt Bundle Type: security Severity: moderate References: 1195895,1197288,1198489,1198744,1199372,1200566,1201082,CVE-2022-22967 This update fixes the following issues: venv-salt-minion: - Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744) - Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372) - Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082) - Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489) - Fix possible errors on running post install script if semanage is present on the system, but SELinux is not configured - Remove unused imports in the venv wrappers - Set VENV_PIP_TARGET to /var/lib/venv-salt-minion/local to force PIP use it as the destination to install modules - Fix ownership of salt thin directory when using the Salt Bundle - Set default target for pip from VENV_PIP_TARGET environment variable - Normalize package names once with pkg.installed/removed using yum (bsc#1195895) - Save log to logfile with docker.build - Use Salt Bundle in dockermod - Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288) - Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3178-1 Released: Thu Sep 8 09:35:05 2022 Summary: Important security update for SUSE Manager Client Tools Type: security Severity: important References: 1176460,1180816,1180942,1181119,1181935,1183684,1187725,1188061,1193585,1197963,1199528,1200142,1200591,1200968,1200970,1201003,1202614,CVE-2021-20178,CVE-2021-20180,CVE-2021-20191,CVE-2021-20228,CVE-2021-3447,CVE-2021-3583,CVE-2021-3620 This update fixes the following issues: ansible: - Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133) * CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725) * CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061) * ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460) - Update to 2.9.22: * CVE-2021-3447 (bsc#1183684) multiple modules expose secured values * CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option * CVE-2021-20191 (bsc#1181119) multiple collections exposes secured values * CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values * CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module dracut-saltboot: - Require e2fsprogs (bsc#1202614) - Update to version 0.1.1657643023.0d694ce * Update dracut-saltboot dependencies (bsc#1200970) * Fix network loading when ipappend is used in pxe config * Add new information messages golang-github-QubitProducts-exporter_exporter: - Remove license file from %doc mgr-daemon: - Version 4.3.5-1 * Update translation strings mgr-virtualization: - Version 4.3.6-1 * Report all VMs in poller, not only running ones (bsc#1199528) prometheus-blackbox_exporter: - Exclude s390 arch python-hwdata: - Declare the LICENSE file as license and not doc spacecmd: - Version 4.3.14-1 * Fix missing argument on system_listmigrationtargets (bsc#1201003) * Show correct help on calling kickstart_importjson with no arguments * Fix tracebacks on spacecmd kickstart_export (bsc#1200591) * Change proxy container config default filename to end with tar.gz * Update translation strings spacewalk-client-tools: - Version 4.3.11-1 * Update translation strings uyuni-common-libs: - Version 4.3.5-1 * Fix reposync issue about 'rpm.hdr' object has no attribute 'get' uyuni-proxy-systemd-services: - Version 4.3.6-1 * Expose port 80 (bsc#1200142) * Use volumes rather than bind mounts * TFTPD to listen on udp port (bsc#1200968) * Add TAG variable in configuration * Fix containers namespaces in configuration zypp-plugin-spacewalk: - 1.0.13 * Log in before listing channels. (bsc#1197963, bsc#1193585) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3182-1 Released: Thu Sep 8 09:40:09 2022 Summary: Recommended update for SUSE Manager 4.3.1 Release Notes Type: recommended Severity: moderate References: 1172179,1179962,1186011,1187028,1191925,1194394,1195455,1198356,1198358,1198944,1199147,1199157,1199523,1199629,1199646,1199656,1199659,1199662,1199663,1199679,1199714,1199727,1199779,1199817,1199874,1199950,1199984,1199998,1200276,1200347,1200532,1200591,1200606,1200707,1201003,1201142,1201189,1201224,1201411,1201498,1201782,1201842 This update for SUSE Manager 4.3.1 Release Notes fixes the following issues: Release notes for SUSE Manager: - Update to SUSE Manager 4.3.1 * GPG key handling in SUSE Manager * Disabling locally defined repositories * Bugs mentioned bsc#1172179, bsc#1179962, bsc#1186011, bsc#1187028, bsc#1191925, bsc#1194394, bsc#1195455, bsc#1198356, bsc#1198358, bsc#1198944, bsc#1199147, bsc#1199157, bsc#1199523, bsc#1199629, bsc#1199646, bsc#1199656, bsc#1199659, bsc#1199662, bsc#1199663, bsc#1199679, bsc#1199714, bsc#1199727, bsc#1199779, bsc#1199817, bsc#1199874, bsc#1199950, bsc#1199984, bsc#1199998, bsc#1200276, bsc#1200347, bsc#1200532, bsc#1200591, bsc#1200606, bsc#1200707, bsc#1201003, bsc#1201142, bsc#1201189, bsc#1201224, bsc#1201411, bsc#1201498, bsc#1201782, bsc#1201842 Release notes for SUSE Manager Proxy: - Update to SUSE Manager 4.3.1 * Bugs mentioned bsc#1199659, bsc#1199679, bsc#1200591, bsc#1201003, bsc#1201142 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3324-1 Released: Wed Sep 21 11:22:23 2022 Summary: Recommended update for skelcd-control-suse-manager-proxy, skelcd-control-suse-manager-server Type: recommended Severity: important References: 1203294 This update for skelcd-control-suse-manager-proxy, skelcd-control-suse-manager-server fixes the following issues: skelcd-control-suse-manager-proxy: - Fix setting default module section in installation control file (bsc#1203294) skelcd-control-suse-manager-server: - Remove python2 module not supported and not needed in SLE15 SP4 and SUSE Manager Server 4.3 - Fix setting default module section in installation control file (bsc#1203294) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3494-1 Released: Tue Oct 4 09:34:30 2022 Summary: Security update for libgit2 Type: security Severity: important References: 1198234,1201431,CVE-2022-24765,CVE-2022-29187 This update for libgit2 fixes the following issues: - CVE-2022-24765: Fixed potential command injection via git worktree (bsc#1198234). - CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3563-1 Released: Tue Oct 11 09:46:01 2022 Summary: Security update for libgsasl Type: security Severity: moderate References: 1201715,CVE-2022-2469 This update for libgsasl fixes the following issues: - CVE-2022-2469: Fixed OOB read in GSSAPI server (bsc#1201715). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3743-1 Released: Wed Oct 26 10:34:54 2022 Summary: Recommended update for golang-github-prometheus-alertmanager Type: recommended Severity: moderate References: 1200725 This update for golang-github-prometheus-alertmanager fixes the following issues: - Do not include sources (bsc#1200725) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3751-1 Released: Wed Oct 26 10:47:46 2022 Summary: Security update for SUSE Manager Client Tools Type: security Severity: moderate References: 1198903,1201535,1201539,CVE-2022-31097,CVE-2022-31107 This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1661440542.6cbe0da * Use standard susemanager.conf * Move image services to dracut-saltboot package * Use salt bundle golang-github-lusitaniae-apache_exporter: - Update to upstream release 0.11.0 (jsc#SLE-24791) * Add TLS support * Switch to logger, please check --log.level and --log.format flags - Update to version 0.10.1 * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data - Update to version 0.10.0 * Add Apache Proxy and other metrics - Update to version 0.8.0 * Change commandline flags * Add metrics: Apache version, request duration total - Adapted to build on Enterprise Linux 8 - Require building with Go 1.15 - Add %license macro for LICENSE file grafana: - Update to version 8.3.10 + Security: * CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535) * CVE-2022-31107: Fixes OAuth account takeover vulnerability (bsc#1201539) - Update to version 8.3.9 + Bug fixes: * Geomap: Display legend * Prometheus: Fix timestamp truncation - Update to version 8.3.7 + Bug fix: * Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted. - Update to version 8.3.6 + Features and enhancements: * Cloud Monitoring: Reduce request size when listing labels. * Explore: Show scalar data result in a table instead of graph. * Snapshots: Updates the default external snapshot server URL. * Table: Makes footer not overlap table content. * Tempo: Add request histogram to service graph datalink. * Tempo: Add time range to tempo search query behind a feature flag. * Tempo: Auto-clear results when changing query type. * Tempo: Display start time in search results as relative time. * CloudMonitoring: Fix resource labels in query editor. * Cursor sync: Apply the settings without saving the dashboard. * LibraryPanels: Fix for Error while cleaning library panels. * Logs Panel: Fix timestamp parsing for string dates without timezone. * Prometheus: Fix some of the alerting queries that use reduce/math operation. * TablePanel: Fix ad-hoc variables not working on default datasources. * Text Panel: Fix alignment of elements. * Variables: Fix for constant variables in self referencing links. - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565) mgr-daemon: - Version 4.3.6-1 * Update translation strings spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) spacewalk-client-tools: - Version 4.3.12-1 * Update translation strings uyuni-common-libs: - Version 4.3.6-1 * Do not allow creating path if nonexistent user or group in fileutils. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3755-1 Released: Wed Oct 26 10:52:03 2022 Summary: Recommended update for SUSE Manager Salt Bundle Type: recommended Severity: moderate References: 1195624,1199562,1200596,1202165,1202167,1202631 This update fixes the following issues: venv-salt-minion: - Remove kiwi python module from the bundle as no longer required - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Don't include kiwi binaries - Fix Syndic authentication errors (bsc#1199562) - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Fix the regression in schedule module releasded in 3004 (bsc#1202631) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Change the delimeters to prevent possible tracebacks on some packages with dpkg_lowpkg - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) - Add SELinux profile to the package instead of using semanage - Remove Build ID links from the virtual environment and disable generating new links on building the package - Remove packages.log from the virtual environment - Fix test_ipc unit test ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3760-1 Released: Wed Oct 26 10:58:30 2022 Summary: Security update for netty Type: security Severity: important References: 1168932,1182103,1190610,1190613,CVE-2020-11612,CVE-2021-21290,CVE-2021-37136,CVE-2021-37137 This update for netty fixes the following issues: - CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream (bsc#1168932) - CVE-2021-21290: Information disclosure via the local system temporary directory (bsc#1182103) - CVE-2021-37136: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (bsc#1190610) - CVE-2021-37137: Snappy frame decoder doesn't restrict the chunk length and may buffer skippable chunks (bsc#1190613) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3761-1 Released: Wed Oct 26 10:58:50 2022 Summary: Security update for release-notes-susemanager, release-notes-susemanager-proxy Type: security Severity: moderate References: 1191857,1195624,1196729,1197027,1198168,1198903,1199726,1200480,1200573,1200629,1201210,1201220,1201260,1201589,1201626,1201753,1201788,1201913,1201918,1202271,1202272,1202367,1202455,1202464,1202602,1202728,1202729,1202805,1202899,1203026,1203049,1203056,1203169,1203287,1203288,1203385,1203406,1203422,1203449,1203478,1203484,1203564,1203585,1203611,CVE-2021-41411,CVE-2021-42740,CVE-2021-43138,CVE-2022-0860,CVE-2022-31129 This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: Release notes for SUSE Manager: - Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * HTTP API is now fully supported * Ubuntu 22.04 is now supported as a client * Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support * pip support has been added for the Salt Bundle * Prometheus exporter for Apache has been upgraded to 0.10.0 * CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129 * Bugs mentioned: bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168 bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629 bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753 bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272 bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728 bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049 bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385 bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484 bsc#1203564, bsc#1203585, bsc#1203611 Release notes for SUSE Manager Proxy: - Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129 * Bugs mentioned: bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788 bsc#1203287, bsc#1203288, bsc#1203585 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3880-1 Released: Fri Nov 4 15:26:54 2022 Summary: Security update for spacewalk-java Type: security Severity: critical References: 1204543,1204716,1204741,CVE-2022-31255,CVE-2022-43753,CVE-2022-43754 This update for spacewalk-java fixes the following issues: - CVE-2022-31255: Fix directory path traversal vulnerability (bsc#1204543) - CVE-2022-43754: Fix reflected cross site scripting vulnerability (bsc#1204741) - CVE-2022-43753: Fix arbitrary file disclosure vulnerability (bsc#1204716) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3945-1 Released: Thu Nov 10 16:53:13 2022 Summary: Recommended update for SUSE Manager 4.3.2 Type: recommended Severity: critical References: 1204050,1204948 This update for SUSE Manager 4.3.2 fixes the following issues: proxy-httpd-image: - Remove chmod and chown of /srv/www/htdocs/pub as this folder does not exist proxy-squid-image: - Update the squid.pid path to /run/squid.squid.pid (bsc#1204948) spacewalk-java: - Version 4.3.40-1 * Fix number of handlers for deleted files managed by taskomatic growing continuously (bsc#1204050) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3994-1 Released: Tue Nov 15 16:45:17 2022 Summary: Recommended update for SUSE Manager Server 4.3 Type: recommended Severity: critical References: 1203478 This update for SUSE Manager Server 4.3 fixes the following issues: cobbler: - Fix problem for the migration of 'autoinstall' collection attribute. - Update v2 to v3 migration script to allow migration of collections that contains settings from Cobbler 2 (bsc#1203478) spacewalk-setup: - Version 4.3.14-1 * Fix possible wrong autoinstall value from Cobbler collections (bsc#1203478) - Version 4.3.13-1 * Execute migration of Cobbler version 2 collections (bsc#1203478) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` The following package changes have been done: - python3-cachetools-4.1.0-150200.3.4.1 added - python3-google-auth-1.21.2-150300.3.6.1 added - release-notes-sle_hpc-15.400000000.20220831-150400.3.3.1 added - release-notes-sle_rt-15.4.20220802-150400.1.11 added - SUSE-Manager-Proxy-release-4.3-150400.55.1 added - release-notes-susemanager-proxy-4.3.2-150400.3.9.3 added - skelcd-control-suse-manager-proxy-4.3.1-150400.3.3.1 added - SUSE-Manager-Retail-Branch-Server-release-4.3-150400.55.1 added - release-notes-susemanager-proxy-4.3.2-150400.3.9.3 added - skelcd-control-suse-manager-retail-branch-server-4.3.1-150400.3.3.1 added - SUSE-Manager-Server-release-4.3-150400.55.1 added - release-notes-susemanager-4.3.2-150400.3.15.1 added - skelcd-control-suse-manager-server-4.3.1-150400.3.3.1 added - POS_Image-RPi-Bootstrap-7.0.0-Build2.173 added - ansible-2.9.27-150000.1.14.1 added - ansible-doc-2.9.27-150000.1.14.1 added - grub2-arm64-efi-2.06-150400.11.12.1 added - hwdata-0.360-150000.3.48.1 added - libgsasl-lang-1.8.0-150400.3.3.1 added - mgr-cfg-4.3.6-150400.1.43 added - mgr-cfg-actions-4.3.6-150400.1.43 added - mgr-cfg-client-4.3.6-150400.1.43 added - mgr-cfg-management-4.3.6-150400.1.43 added - mgr-custom-info-4.3.3-150400.1.88 added - mgr-daemon-4.3.6-150400.3.6.4 added - mgr-osad-4.3.6-150400.1.25 added - mgr-push-4.3.4-150400.1.36 added - python3-debian-0.1.31-3.19 added - python3-hwdata-2.3.5-150000.3.9.1 added - python3-jabberpy-0.5-1.24 added - python3-mgr-cfg-4.3.6-150400.1.43 added - python3-mgr-cfg-actions-4.3.6-150400.1.43 added - python3-mgr-cfg-client-4.3.6-150400.1.43 added - python3-mgr-cfg-management-4.3.6-150400.1.43 added - python3-mgr-osa-common-4.3.6-150400.1.25 added - python3-mgr-osad-4.3.6-150400.1.25 added - python3-mgr-push-4.3.4-150400.1.36 added - python3-python-debian-0.1.44-150400.9.3.1 added - python3-python-memcached-1.59-3.7.1 added - python3-pyvmomi-6.7.3-3.2.1 added - python3-redis-3.4.1-3.5.1 added - python3-rhnlib-4.3.4-150400.1.15 added - python3-spacewalk-certs-tools-4.3.15-150400.3.6.2 added - python3-spacewalk-check-4.3.12-150400.3.6.6 added - python3-spacewalk-client-setup-4.3.12-150400.3.6.6 added - python3-spacewalk-client-tools-4.3.12-150400.3.6.6 added - python3-spacewalk-oscap-4.3.5-150400.1.15 added - python3-suseRegisterInfo-4.3.3-150400.1.13 added - python3-zypp-plugin-spacewalk-1.0.13-150000.3.32.1 added - spacecmd-4.3.15-150400.3.6.4 added - spacewalk-backend-4.3.16-150400.3.6.8 added - spacewalk-base-minimal-4.3.24-150400.3.6.4 added - spacewalk-base-minimal-config-4.3.24-150400.3.6.4 added - spacewalk-certs-tools-4.3.15-150400.3.6.2 added - spacewalk-check-4.3.12-150400.3.6.6 added - spacewalk-client-setup-4.3.12-150400.3.6.6 added - spacewalk-client-tools-4.3.12-150400.3.6.6 added - spacewalk-oscap-4.3.5-150400.1.15 added - spacewalk-proxy-broker-4.3.12-150400.3.5.1 added - spacewalk-proxy-common-4.3.12-150400.3.5.1 added - spacewalk-proxy-docs-4.3.1-150400.1.44 added - spacewalk-proxy-html-4.3.3-150400.1.11 added - spacewalk-proxy-installer-4.3.10-150400.3.3.2 added - spacewalk-proxy-management-4.3.12-150400.3.5.1 added - spacewalk-proxy-package-manager-4.3.12-150400.3.5.1 added - spacewalk-proxy-redirect-4.3.12-150400.3.5.1 added - spacewalk-proxy-salt-4.3.12-150400.3.5.1 added - spacewalk-remote-utils-4.3.3-150400.1.26 added - spacewalk-setup-jabberd-4.3.1-150400.1.55 added - spacewalk-ssl-cert-check-4.3.2-150400.1.29 added - supportutils-plugin-salt-1.2.0-150400.1.1 added - supportutils-plugin-susemanager-client-4.3.2-150400.1.11 added - supportutils-plugin-susemanager-proxy-4.3.2-150400.1.31 added - suseRegisterInfo-4.3.3-150400.1.13 added - susemanager-build-keys-15.4.3-150400.3.6.1 added - susemanager-build-keys-web-15.4.3-150400.3.6.1 added - susemanager-tftpsync-recv-4.3.7-150400.3.3.3 added - system-user-prometheus-1.0.0-6.1 added - zypp-plugin-spacewalk-1.0.13-150000.3.32.1 added - apache2-mod_wsgi-python3-4.5.18-4.3.1 added - apache2-mod_wsgi-python3-debuginfo-4.5.18-4.3.1 added - apache2-mod_wsgi-python3-debugsource-4.5.18-4.3.1 added - dwz-0.12-150000.3.2.1 added - dwz-debuginfo-0.12-150000.3.2.1 added - dwz-debugsource-0.12-150000.3.2.1 added - golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1 added - golang-github-boynux-squid_exporter-1.6-1.6.1 added - golang-github-boynux-squid_exporter-debuginfo-1.6-1.6.1 added - golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 added - golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 added - golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1 added - golang-github-prometheus-prometheus-2.32.1-150100.4.9.2 added - jabberd-2.7.0-150400.1.22 added - jabberd-db-2.7.0-150400.1.22 added - jabberd-db-debuginfo-2.7.0-150400.1.22 added - jabberd-debuginfo-2.7.0-150400.1.22 added - jabberd-debugsource-2.7.0-150400.1.22 added - jabberd-sqlite-2.7.0-150400.1.22 added - jabberd-sqlite-debuginfo-2.7.0-150400.1.22 added - libgsasl-debugsource-1.8.0-150400.3.3.1 added - libgsasl7-1.8.0-150400.3.3.1 added - libgsasl7-debuginfo-1.8.0-150400.3.3.1 added - libntlm-debugsource-1.4-150400.1.10 added - libntlm0-1.4-150400.1.10 added - libntlm0-debuginfo-1.4-150400.1.10 added - libudns0-0.4-0.150400.9.11 added - libudns0-debuginfo-0.4-0.150400.9.11 added - patterns-suma_proxy-4.3-150400.5.3.1 added - prometheus-blackbox_exporter-0.19.0-150000.1.11.1 added - prometheus-blackbox_exporter-debuginfo-0.19.0-1.3.1 added - python3-uyuni-common-libs-4.3.6-150400.3.6.4 added - rpm-build-4.14.3-150300.49.1 added - rpm-build-debuginfo-4.14.3-150300.49.1 added - rpm-debuginfo-4.14.3-150300.49.1 added - rpm-debugsource-4.14.3-150300.49.1 added - sle-module-suse-manager-proxy-release-4.3-150400.9.21 added - udns-0.4-0.150400.9.11 added - udns-debuginfo-0.4-0.150400.9.11 added - udns-debugsource-0.4-0.150400.9.11 added - uyuni-base-common-4.3.2-150400.1.21 added - uyuni-base-proxy-4.3.2-150400.1.21 added - venv-salt-minion-3004-150000.3.14.1 added - sle-module-suse-manager-retail-branch-server-release-4.3-150400.9.21 added - antlr-java-2.7.7-16.63 added - antlr3-java-3.5.2-1.76 added - apache-commons-cli-1.4-1.63 added - apache-commons-codec-1.11-1.63 added - apache-commons-compress-1.21-150200.3.7.1 added - apache-commons-csv-1.2-150400.3.3.1 added - apache-commons-el-1.0-3.3.1 added - apache-commons-jexl-2.1.1-1.68 added - apache-commons-lang3-3.8.1-1.63 added - apache-commons-math3-3.2-150400.3.3.1 added - apache-mybatis-3.2.3-150400.1.12 added - base64coder-20101219-1.63 added - bind-formula-0.1.1642519328.52d7c39-150400.1.9 added - branch-network-formula-0.1.1628156312.dbd0dec-150400.1.10 added - byte-buddy-1.8.17-150400.1.12 added - c3p0-0.9.5.5-150400.1.12 added - cal10n-0.7.7-9.64 added - classmate-1.3.4-150400.1.12 added - cobbler-3.3.3-150400.5.14.1 added - concurrent-1.3.4-277.150400.277.15 added - concurrentlinkedhashmap-lru-1.3.1-150400.1.12 added - cpu-mitigations-formula-0.4.0-150400.1.9 added - dhcpd-formula-0.1.1641480250.d5bd14c-150400.1.9 added - dom4j-1.6.1-10.12 added - drbd-formula-0.4.2+git.1616116365.1e3ab34-3.6.1 added - drools-7.17.0-150400.3.6.1 added - dwr-3.0.2-0.150400.10.14 added - ehcache-2.10.1-150400.1.18 added - geronimo-annotation-1_0-api-1.2-150200.15.2.1 added - geronimo-stax-1_0-api-1.2-150200.15.2.1 added - google-gson-2.8.9-150200.3.6.3 added - grafana-formula-0.7.0-150400.1.9 added - guava-30.1.1-150400.1.9 added - habootstrap-formula-0.4.4+git.1632747498.2caa677-3.20.1 added - hibernate-commons-annotations-5.0.4-150400.1.9 added - hibernate-types-2.12.1-150400.1.14 added - hibernate5-5.3.25-150400.1.9 added - httpcomponents-asyncclient-4.1.4-150400.1.9 added - httpcomponents-client-4.5.6-3.2.6 added - httpcomponents-core-4.4.10-3.2.6 added - hwdata-0.360-150000.3.48.1 added - ical4j-3.0.18-150400.1.9 added - image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1 added - isorelax-0.1-9.63 added - jackson-annotations-2.13.0-150200.3.6.1 added - jackson-core-2.13.0-150200.3.6.1 added - jackson-databind-2.13.0-150200.3.9.1 added - jade4j-1.2.5-150400.1.10 added - jakarta-commons-validator-1.1.4-21.150400.21.3.4 added - java-saml-2.4.0-150400.1.13 added - javassist-3.23.1-1.63 added - jaxen-1.1.1-10.63 added - jboss-logging-3.4.1-150200.3.3.1 added - jcommon-1.0.16-0.150400.9.15 added - jdom-1.1.3-10.63 added - joda-time-2.10.1-1.63 added - jose4j-0.5.1-150400.3.3.1 added - jpa-api-2.2.2-150400.1.13 added - jsch-0.1.55-150400.2.15 added - jsr-305-3.0.2-150400.3.17 added - jzlib-1.1.3-9.63 added - kie-api-7.17.0-150400.3.3.1 added - kie-soup-7.17.0.Final-150400.1.12 added - libgsasl-lang-1.8.0-150400.3.3.1 added - locale-formula-0.3-150400.3.3.1 added - lucene-2.4.1-150400.1.13 added - mchange-commons-0.2.20-150400.1.6 added - mgr-libmod-4.3.3-150400.1.18 added - mgr-osa-dispatcher-4.3.6-150400.1.25 added - mgr-push-4.3.4-150400.1.36 added - mvel2-2.2.6.Final-150400.3.3.1 added - netty-4.1.44.Final-150400.3.3.2 added - objectweb-asm-7.2-1.63 added - openvpn-formula-0.1.2-150400.1.9 added - optaplanner-7.17.0-150400.3.3.1 added - perl-Frontier-RPC-0.07b4-150400.1.9 added - perl-Net-Telnet-3.04-1.25 added - perl-Satcon-4.3.1-150400.1.39 added - perl-Term-Completion-1.00-150400.1.7 added - pgjdbc-ng-0.8.7-150400.1.9 added - picocontainer-1.3.7-150400.1.14 added - prometheus-client-java-0.3.0-150400.1.12 added - prometheus-exporters-formula-1.2.0-150400.1.9 added - prometheus-formula-0.6.2-150400.1.7 added - prometheus-jmx_exporter-0.3.1-150400.1.14 added - prometheus-jmx_exporter-tomcat-0.3.1-150400.1.14 added - pxe-default-image-sle15-4.3.0-Build1.7 added - pxe-formula-0.1.1615805990.f15c8d9-150400.1.9 added - pxe-yomi-image-sle15-1.0.0-Build1.414 added - python3-cachetools-4.1.0-150200.3.4.1 added - python3-debian-0.1.31-3.19 added - python3-google-auth-1.21.2-150300.3.6.1 added - python3-hwdata-2.3.5-150000.3.9.1 added - python3-jabberpy-0.5-1.24 added - python3-kubernetes-8.0.1-150100.3.7.1 added - python3-mgr-osa-common-4.3.6-150400.1.25 added - python3-mgr-osa-dispatcher-4.3.6-150400.1.25 added - python3-mgr-push-4.3.4-150400.1.36 added - python3-oauth2client-gce-4.1.3-3.2.1 added - python3-python-debian-0.1.44-150400.9.3.1 added - python3-python-pam-1.8.4-1.24 added - python3-pyvmomi-6.7.3-3.2.1 added - python3-rhnlib-4.3.4-150400.1.15 added - python3-schema-0.6.7-150400.10.3.1 added - python3-spacewalk-certs-tools-4.3.15-150400.3.6.2 added - python3-spacewalk-client-tools-4.3.12-150400.3.6.6 added - python3-suseRegisterInfo-4.3.3-150400.1.13 added - python3-susemanager-retail-1.0.1658330139.861779d-150400.3.3.1 added - python3-urlgrabber-4.1.0-150400.3.6.1 added - python3-vcrpy-2.1.1-1.26 added - python3-ws4py-0.5.1-1.24 added - quartz-2.3.0-150400.1.18 added - redstone-xmlrpc-1.1_20071120-0.150400.9.16 added - reflections-0.9.10-150400.1.12 added - relaxngDatatype-2011.1-8.63 added - salt-netapi-client-0.20.0-150400.3.3.5 added - salt-shaptools-0.3.11+git.1605797958.ae2f08a-3.6.1 added - saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1 added - saphanabootstrap-formula-0.7.1+git.1619008686.8600866-3.11.1 added - sapnwbootstrap-formula-0.6.4+git.1621842068.a86c37c-10.1 added - simple-xml-2.6.2-0.150400.10.14 added - sitemesh-2.1-0.150400.9.25 added - slf4j-1.7.30-1.34 added - slf4j-log4j12-1.7.30-1.34 added - snakeyaml-1.31-150200.3.8.1 added - spacecmd-4.3.15-150400.3.6.4 added - spacewalk-admin-4.3.10-150400.3.3.2 added - spacewalk-backend-4.3.16-150400.3.6.8 added - spacewalk-backend-app-4.3.16-150400.3.6.8 added - spacewalk-backend-applet-4.3.16-150400.3.6.8 added - spacewalk-backend-config-files-4.3.16-150400.3.6.8 added - spacewalk-backend-config-files-common-4.3.16-150400.3.6.8 added - spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8 added - spacewalk-backend-iss-4.3.16-150400.3.6.8 added - spacewalk-backend-iss-export-4.3.16-150400.3.6.8 added - spacewalk-backend-package-push-server-4.3.16-150400.3.6.8 added - spacewalk-backend-server-4.3.16-150400.3.6.8 added - spacewalk-backend-sql-4.3.16-150400.3.6.8 added - spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8 added - spacewalk-backend-tools-4.3.16-150400.3.6.8 added - spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8 added - spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8 added - spacewalk-base-4.3.24-150400.3.6.4 added - spacewalk-base-minimal-4.3.24-150400.3.6.4 added - spacewalk-base-minimal-config-4.3.24-150400.3.6.4 added - spacewalk-certs-tools-4.3.15-150400.3.6.2 added - spacewalk-client-tools-4.3.12-150400.3.6.6 added - spacewalk-common-4.3.5-150400.3.3.2 added - spacewalk-config-4.3.9-150400.3.3.3 added - spacewalk-html-4.3.24-150400.3.6.4 added - spacewalk-java-4.3.40-150400.3.18.2 added - spacewalk-java-config-4.3.40-150400.3.18.2 added - spacewalk-java-lib-4.3.40-150400.3.18.2 added - spacewalk-java-postgresql-4.3.40-150400.3.18.2 added - spacewalk-postgresql-4.3.5-150400.3.3.2 added - spacewalk-reports-4.3.4-150400.1.11 added - spacewalk-search-4.3.7-150400.3.6.2 added - spacewalk-setup-4.3.14-150400.3.15.1 added - spacewalk-setup-jabberd-4.3.1-150400.1.55 added - spacewalk-taskomatic-4.3.40-150400.3.18.2 added - spacewalk-utils-4.3.14-150400.3.6.3 added - spacewalk-utils-extras-4.3.14-150400.3.6.3 added - spark-core-2.7.2-150400.1.11 added - spark-template-jade-2.3-150400.1.12 added - statistics-1.0.2-150400.1.12 added - stringtree-json-2.0.9-0.150400.12.15 added - struts-1.2.9-162.150400.33.9 added - subscription-matcher-0.29-150400.3.7.1 added - supportutils-plugin-salt-1.2.0-150400.1.1 added - supportutils-plugin-susemanager-4.3.4-150400.1.18 added - suseRegisterInfo-4.3.3-150400.1.13 added - susemanager-branding-oss-4.3.3-150400.1.36 added - susemanager-build-keys-15.4.3-150400.3.6.1 added - susemanager-build-keys-web-15.4.3-150400.3.6.1 added - susemanager-docs_en-4.3-150400.9.6.1 added - susemanager-docs_en-pdf-4.3-150400.9.6.1 added - susemanager-frontend-libs-4.3.0-150400.1.9 added - susemanager-retail-tools-1.0.1658330139.861779d-150400.3.3.1 added - susemanager-schema-4.3.14-150400.3.6.5 added - susemanager-schema-utility-4.3.14-150400.3.6.5 added - susemanager-sls-4.3.25-150400.3.6.4 added - susemanager-sync-data-4.3.9-150400.3.3.1 added - system-lock-formula-0.2-150400.1.9 added - tftpd-formula-0.1.1614170819.014d6e5-150400.1.9 added - tomcat-taglibs-standard-1_2_5-1.2.5-150400.1.10 added - uyuni-config-formula-0.2-150400.1.9 added - uyuni-config-modules-4.3.25-150400.3.6.4 added - uyuni-reportdb-schema-4.3.6-150400.3.3.6 added - uyuni-setup-reportdb-4.3.5-150400.1.9 added - virtual-host-gatherer-1.0.23-150400.3.3.1 added - virtual-host-gatherer-Kubernetes-1.0.23-150400.3.3.1 added - virtual-host-gatherer-Nutanix-1.0.23-150400.3.3.1 added - virtual-host-gatherer-VMware-1.0.23-150400.3.3.1 added - virtual-host-gatherer-libcloud-1.0.23-150400.3.3.1 added - virtualization-formulas-0.6.2-150400.1.21 added - vsftpd-formula-0.1.1568808472.be9f236-150400.1.9 added - woodstox-4.4.2-150400.3.3.1 added - ws-jaxme-0.5.2-10.70 added - xmlpull-api-1.1.3.1-150400.3.3.1 added - xmlsec-2.0.7-150400.1.12 added - xom-1.2b1-10.63 added - xpp2-2.1.10-9.64 added - xpp3-1.1.4c-11.2.2 added - xpp3-minimal-1.1.4c-11.2.2 added - xstream-1.4.19-3.18.2 added - yomi-formula-0.0.1+git.1630589391.4557cfd-150400.1.10 added - apache2-mod_xsendfile-0.12-150400.1.18 added - apache2-mod_xsendfile-debuginfo-0.12-150400.1.18 added - apache2-mod_xsendfile-debugsource-0.12-150400.1.18 added - drbd-utils-9.19.0-150400.3.3.1 added - drbd-utils-debuginfo-9.19.0-150400.3.3.1 added - drbd-utils-debugsource-9.19.0-150400.3.3.1 added - dwz-0.12-150000.3.2.1 added - dwz-debuginfo-0.12-150000.3.2.1 added - dwz-debugsource-0.12-150000.3.2.1 added - fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.14.1 added - fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.14.1 added - fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.14.1 added - golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1 added - golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 added - golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 added - hub-xmlrpc-api-0.7-150400.3.12 added - inter-server-sync-0.2.3-150400.3.6.1 added - inter-server-sync-debuginfo-0.2.3-150400.3.6.1 added - jabberd-2.7.0-150400.1.22 added - jabberd-db-2.7.0-150400.1.22 added - jabberd-db-debuginfo-2.7.0-150400.1.22 added - jabberd-debuginfo-2.7.0-150400.1.22 added - jabberd-debugsource-2.7.0-150400.1.22 added - jabberd-sqlite-2.7.0-150400.1.22 added - jabberd-sqlite-debuginfo-2.7.0-150400.1.22 added - libgit2-28-0.28.4-150200.3.3.1 added - libgit2-28-debuginfo-0.28.4-150200.3.3.1 added - libgit2-debugsource-1.3.0-150400.3.3.1 added - libgsasl-debugsource-1.8.0-150400.3.3.1 added - libgsasl7-1.8.0-150400.3.3.1 added - libgsasl7-debuginfo-1.8.0-150400.3.3.1 added - libhttp_parser2_7_1-2.7.1-4.2.2 added - libhttp_parser2_7_1-debuginfo-2.7.1-4.2.2 added - libmodulemd-debuginfo-2.13.0-150400.1.8 added - libmodulemd-debugsource-2.13.0-150400.1.8 added - libmodulemd2-2.13.0-150400.1.8 added - libmodulemd2-debuginfo-2.13.0-150400.1.8 added - libntlm-debugsource-1.4-150400.1.10 added - libntlm0-1.4-150400.1.10 added - libntlm0-debuginfo-1.4-150400.1.10 added - libudns0-0.4-0.150400.9.11 added - libudns0-debuginfo-0.4-0.150400.9.11 added - patterns-suma_retail-4.3-150400.5.3.1 added - patterns-suma_server-4.3-150400.5.3.1 added - perl-DBD-Pg-3.10.4-150200.3.3.1 added - perl-DBD-Pg-debuginfo-3.10.4-150200.3.3.1 added - perl-DBD-Pg-debugsource-3.10.4-150200.3.3.1 added - perl-Mail-RFC822-Address-0.3-0.150400.8.9 added - perl-Term-Size-0.207-150400.1.10 added - perl-Term-Size-debuginfo-0.207-150400.1.10 added - perl-Term-Size-debugsource-0.207-150400.1.10 added - prometheus-postgres_exporter-0.10.0-150400.1.34 added - protobuf-debugsource-3.9.2-4.12.1 added - protobuf-java-3.9.2-4.12.1 added - python-Cheetah3-debuginfo-3.2.4-1.24 added - python-Cheetah3-debugsource-3.2.4-1.24 added - python-multidict-debugsource-4.5.2-1.24 added - python-psycopg2-debuginfo-2.8.5-5.7.1 added - python-psycopg2-debugsource-2.8.5-5.7.1 added - python-pygit2-debuginfo-0.28.2-1.35 added - python-pygit2-debugsource-0.28.2-1.35 added - python-yarl-debugsource-1.3.0-3.3.1 added - python3-Cheetah3-3.2.4-1.24 added - python3-Cheetah3-debuginfo-3.2.4-1.24 added - python3-libmodulemd-2.13.0-150400.1.8 added - python3-magic-5.32-150000.7.16.1 added - python3-multidict-4.5.2-1.24 added - python3-multidict-debuginfo-4.5.2-1.24 added - python3-psycopg2-2.8.5-5.7.1 added - python3-psycopg2-debuginfo-2.8.5-5.7.1 added - python3-pygit2-0.28.2-1.35 added - python3-pygit2-debuginfo-0.28.2-1.35 added - python3-uyuni-common-libs-4.3.6-150400.3.6.4 added - python3-yarl-1.3.0-3.3.1 added - python3-yarl-debuginfo-1.3.0-3.3.1 added - reprepro-5.4.0-150400.3.6.1 added - reprepro-debuginfo-5.4.0-150400.3.6.1 added - reprepro-debugsource-5.4.0-150400.3.6.1 added - rpm-build-4.14.3-150300.49.1 added - rpm-build-debuginfo-4.14.3-150300.49.1 added - rpm-debuginfo-4.14.3-150300.49.1 added - rpm-debugsource-4.14.3-150300.49.1 added - simple-core-3.1.3-0.150400.8.15 added - sle-module-suse-manager-server-release-4.3-150400.9.21 added - smdba-1.7.10-0.150400.4.3.1 added - spacewalk-branding-4.3.5-150400.1.18 added - susemanager-4.3.19-150400.3.6.4 added - susemanager-tftpsync-4.3.2-150400.3.3.4 added - susemanager-tools-4.3.19-150400.3.6.4 added - typelib-1_0-Modulemd-2_0-2.13.0-150400.1.8 added - udns-0.4-0.150400.9.11 added - udns-debuginfo-0.4-0.150400.9.11 added - udns-debugsource-0.4-0.150400.9.11 added - uyuni-base-common-4.3.2-150400.1.21 added - uyuni-base-server-4.3.2-150400.1.21 added - venv-salt-minion-3004-150000.3.14.1 added